RE: router configs/OSPF - interfaces or entire networks? [7:16259]
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 15, 2001 11:41 AM To: [EMAIL PROTECTED] Subject: RE: router configs/OSPF - interfaces or entire networks? [7:16213] The net statements identifies networks, local to the router, which will participate in OSPF. The net command should designate the network in which the interface belongs. It is not possible to have an interface participate in OSPF w/out the subnet of that interface also participating in OSPF. begin CL comment: technically, you place interfaces into the OSPF process, not networks. In previous discussions here, I recall we concluded that the OSPF process then looks at the interface configurations, and ascertains from that the network to be advertised. Conceptually speaking, there is a difference in placing interfaces versus placing networks into the process. suppose, for example, all my interfaces were numbered x.y.24.z and I used the following command: network x.y.24.z 0.0.0.0 area something what you are telling the OSPF process is to include every interface with an address that matches the address pattern in the OSPF process. from there the networks are determined. Otherwise, why wouldn't the command be network a.b.c.d 255.192.0.0 for example, using the net and mask form? end of CL comment The different scenarios descriptions of what should be advertised is a matter of semantics. They are saying the same thing two different ways. If you have a 255.255.255.252 on and interface don't specify the network as 0.0.0.255 unless you all interfaces with IP's within the /24 block to participate in the same process and area. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeffrey Levine Sent: Wednesday, August 15, 2001 12:11 PM To: [EMAIL PROTECTED] Subject: router configs/OSPF - interfaces or entire networks? I have noticed in some lab scenarios that when the instructions say that a router interface should be advertised in a routing protocol, the labs sometimes advertise only the interface, othertimes an entire subnet. For example, let's say it's an ethernet interface with address 192.168.1.1/24 being advertised under OSPF. I've seen the following: router ospf 64 net 192.168.1.1 0.0.0.0 area 0 or router ospf 64 net 192.168.1.1 0.0.0.255 area 0 I wouldn't be concerned if there were some consistency. I've seen the lab instructions state "interface" and then seen the entire network advertised and vice-versa. Any thought? Jeffrey S. Levine _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp **Please read:http://www.groupstudy.com/list/posting.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16259&t=16259 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX static map question [7:15983]
clear xlate to make your changes in affect sequence doesnt matter Best Regards Have A Good Day!! *** Farhan Ahmed* MCSE+I, MCP Win2k, CCDA, CCNA, CSE Network Engineer Mideast Data Systems Abudhabi Uae. *** Privileged/Confidential Information may be contained in this message or Attachments hereto. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, Conclusions and other information in this message that do not relate to the Official business of this company shall be understood as neither given nor Endorsed by it. > -Original Message- > From: Munzir Khan [mailto:[EMAIL PROTECTED]] > Sent: Thursday, August 16, 2001 10:12 AM > To: [EMAIL PROTECTED] > Subject: RE: PIX static map question [7:15983] > > > Question for MAJDI & EVANS > > just a quick question, Is it really require to restart the > pix firewall to > take effect the new settings?? > > another question is defining static map for > INSIDE/DMZ/OUTSIDE should be in > sequence or it does not mater whatever sequence you make. > > for example > > static (inside,outside) 212.x.x.10 192.168.0.30 netmask > 255.255.255.255. 0.0 > > static (inside, DMZ) > static (inside) > static (inside,outisde) > > see above it is not in sequence i have the same case, I > applied the settings > you have suggested but it is not even ping to that IP from > outside ... also > tell me Conduit need to be also arranged by the Ip addresses ??? > > please suggest!!! [GroupStudy.com removed an attachment of type application/octet-stream which had a name of Farhan Ahmed.vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16258&t=15983 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
LANE IP problem [7:16257]
Hi All, I have a problem with configuring LANE on: Cisco 3600 router -> Marconi ATM switch -> Catalyst 5000 LAN switch with a LANE module. The config for the Marconi switch has been done by someone that knows the equipment config, and I know that part is correct. The 3640 router has ATM mode and I used the configs from: http://www.cisco.com/univercd/cc/td/doc/product/atm/c8540/12_0/13_19/sw_cnfi g/lane_cnf.htm I only used the ELAN name "default", and not "eng_elan". The Catalyst 5500 has a SupII, 1*24 port 10/100, and a ATM LANE module installed, agian using the config from above. When looking at the "show cdp nei details" I can see that the both the router and the LAN switch has layer 2 conection, showing the remote detail and ip info. If I look at the "sh lane" info on both side look 100% and up. On the 5500 I have also configured the sco interface with an IP and added it to the default VLAN 1. Why do I see the 3640 and the 5500 on either side with the CDP protocol, but I can't ping the other side IP address, using the same subnet?? I can even ping the ATM switch in the middle from the router, but not from the catalyst. What am I missing ? I look all over the CCO and can't find anything more than what I have know. If someone can give me a clue or method to sovle this problem I will be ever thankful ... O yes, I'm doing my lab on the 27th (Aug 01) of this month, so does someone have any last minute tips or any info that would help me pass this lab? Thanks Jacques Allison [EMAIL PROTECTED] ccnp+sec, ccdp, mcse, ase Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16257&t=16257 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ISDN Simulator [7:16212]
Has anyone had experience with this isdn simulator? Would you rate it on the same line as the Emutel and Teltone? http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=1264979437 Thanks Paul C Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16212&t=16212 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Best Materials For CCIE Written and Lab Exams [7:16196]
Sounds great Dennis. Thanks for including me. I will check into it and see if I can fit it in with the boss. It seems like an excellent way to prepare and I have heard a lot of positive things about CCBootcamp. Dennis Laganiere wrote: >Why don't you join us in Detroit in September? We're going to do a >three-day marathon study session for the written exam. Two days of directed >lecture, a mock exam the morning of the third day, and in the afternoon, >everybody takes the actual exam. CCBootCamp is hosting it, and you can find >the details on their page... > >--- Dennis > >-Original Message- >From: George Murphy CCNP, CCDP [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, August 15, 2001 9:31 AM >To: [EMAIL PROTECTED] >Subject: Best Materials For CCIE Written and Lab Exams [7:16196] > > >Hi Folks, I am seeking advice on materials for the CCIE written and lab >exams. I have been considering the McGraw Hill "All-In-One" CCIE study >guide as well as their CCIE "Lab Practice Kit". I have been watching the >published dates of these and considering that as a factor but would >appreciate any suggestions or feedback from anyone who has found any of >the resources available out there to be the best (CCPrep, Boson etc, >etc). I have also read reviews on each one but value responses from this >list more. Thanks for any assistance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16255&t=16196 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Best Materials For CCIE Written and Lab Exams [7:16196]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Those are good starting points but as you get the hang of lab work you'll want to start doing Fatkid, Solution Labs, and of course ccbootcamp. John Kaberna CCIE #7146 NETCG Inc Cisco Premier Partner www.netcginc.com (415) 750-3800 Fax: 750-3900 __ CCIE Security Training: www.netcginc.com/training.htm CCIE Routing/Switching Training www.ccbootcamp.com ""George Murphy CCNP, CCDP"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi Folks, I am seeking advice on materials for the CCIE written and > lab exams. I have been considering the McGraw Hill "All-In-One" > CCIE study guide as well as their CCIE "Lab Practice Kit". I have > been watching the published dates of these and considering that as > a factor but would appreciate any suggestions or feedback from > anyone who has found any of the resources available out there to > be the best (CCPrep, Boson etc, etc). I have also read reviews on > each one but value responses from this list more. Thanks for any > assistance. > Nondisclosure violations to [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use iQA/AwUBO3sEWTeIsyIIPGJPEQJF5gCfZoACVevzTBrxMWgWKKIcBMmrgMYAn1li D20MZFX3WX2m7NcwDOyHb6SA =0IjA -END PGP SIGNATURE- Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16235&t=16196 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Best Materials For CCIE Written and Lab Exams [7:16196]
I love the Lab Practice Kit - the price-per-lab ratio is low, and it's a great stepping stone towards the larger lab collections (ccbootcamp, etc.). There are a lot of mistakes, but it's kind of fun to figure out what they're *really* trying to say. There are also a few oddities - in the solutions, the authors left the "no ip classless" command in place. They did their labs with IOS 11.2, and no ip classless is the default, but there's no explanation as to why you would or why you would not leave that command in place - something to work out in your practice lab! BJ -Original Message- From: George Murphy CCNP, CCDP [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 15, 2001 12:31 PM To: [EMAIL PROTECTED] Subject: Best Materials For CCIE Written and Lab Exams [7:16196] Hi Folks, I am seeking advice on materials for the CCIE written and lab exams. I have been considering the McGraw Hill "All-In-One" CCIE study guide as well as their CCIE "Lab Practice Kit". I have been watching the published dates of these and considering that as a factor but would appreciate any suggestions or feedback from anyone who has found any of the resources available out there to be the best (CCPrep, Boson etc, etc). I have also read reviews on each one but value responses from this list more. Thanks for any assistance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16199&t=16196 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Best Materials For CCIE Written and Lab Exams [7:16196]
Why don't you join us in Detroit in September? We're going to do a three-day marathon study session for the written exam. Two days of directed lecture, a mock exam the morning of the third day, and in the afternoon, everybody takes the actual exam. CCBootCamp is hosting it, and you can find the details on their page... --- Dennis -Original Message- From: George Murphy CCNP, CCDP [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 15, 2001 9:31 AM To: [EMAIL PROTECTED] Subject: Best Materials For CCIE Written and Lab Exams [7:16196] Hi Folks, I am seeking advice on materials for the CCIE written and lab exams. I have been considering the McGraw Hill "All-In-One" CCIE study guide as well as their CCIE "Lab Practice Kit". I have been watching the published dates of these and considering that as a factor but would appreciate any suggestions or feedback from anyone who has found any of the resources available out there to be the best (CCPrep, Boson etc, etc). I have also read reviews on each one but value responses from this list more. Thanks for any assistance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16200&t=16196 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE written advice [7:16188]
Patrick, You are right on track .Here is a list of resources that I used to prepare for the CCIE written exam : 1) Book by Caslow 2) Internet routing Arch by Halabi 3) Token Ring paper from www.ccprep.com 4) Jeff Doyle Routing TCP/IP Volume I 5) RIF paper from www.groupstudy.com 6) OSPF Design Guide from CCO 7) Study notes from cramsession.com 8) Exam cram book 9) Boson tests 1,2 and 3 10) CCIE Study guide from www.ccbootcamp.com Wish you all the best ... Jaspreet Bhatia Patrick Donlon wrote: > I'm slowly starting to get back into reading for the R&S written exam after > starting a new job and I've made a rough list of what will guide me too and > hopefully through the exam. > > I've started on Doyle's Routing TCP/IP vol 1, > next I've got the Token ring white paper from CCprep and OSPF design guide > from CCO, > planning on getting CCIE R&S Exam cram book and Boson tests 1,2 and maybe 3. > > Obviously everyone has a different approach to an exam but if there are any > major topics I'm missing out on please let me know and also recommendations > on the exam preparation book, > > cheers > > Pat Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16192&t=16188 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX static map question [7:15983]
Question for MAJDI & EVANS just a quick question, Is it really require to restart the pix firewall to take effect the new settings?? another question is defining static map for INSIDE/DMZ/OUTSIDE should be in sequence or it does not mater whatever sequence you make. for example static (inside,outside) 212.x.x.10 192.168.0.30 netmask 255.255.255.255. 0.0 static (inside, DMZ) static (inside) static (inside,outisde) see above it is not in sequence i have the same case, I applied the settings you have suggested but it is not even ping to that IP from outside ... also tell me Conduit need to be also arranged by the Ip addresses ??? please suggest!!! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16256&t=15983 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Connecting two Routers through their Serial Interfaces [7:16251]
Yes it is possible You will have to set the clock rate on one router and the bandwidth rate on both, you can do this through hyper terminal. Once your logged in; type "en" for enable configuration from there use the "?" to bring up help menus ! the command for entering the serial interface once in the enable mode will be something like; int s0 (or s1 depending on which serial port) Good Luck, Bryan ""Hamid"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi group, > > Can anyone tell me if it's possible if you want to connect two routers > Bach-to Back using their serial interfaces. > > And if possible how should I configure the serial inetrfaces. > > Thanks in advace > > Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16251&t=16251 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Apology for: MCSE in 2 Weeks or CCNA/CCDA in 6 days [7:16252]
I just did Globalnets (www.lammle.com) CCNA/CCDA 6 day class in Dallas Texas last week and thought it was an awesome course. It took me from 0-70% in 5.5 days ! Bryan ""Donald B Johnson jr"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hey I just talked to a buddy that just got back from their last class. He > said that the camp was awesome and that it ran for over 16 hours everyday > for 16 days. He also said that the instructor was a double CCIE that was > knowledgeable, patient, and easy to work with. My buddy described it as more > of a CCIE lab type training than a CCNP class, echoing your thought about > not just covering the esoteric test facts but providing excellent hands-on > labs, covering all the phy stuff including modem to modem connections with a > tone generator, ISDN, all flavors of serial, and ATM. Of course all the > major protocol stuff (RIP, the GRP's, OSPF, IS-IS, AND OF COURSE BGP) > including multiple area and AS labs, mutual redistribution, policy based, > extended lists both IP and IPX, traffic shaping, DDR, Dial-Backup and the > list went on. > > Another issue; I'm am under the impression that this list is moderated so if > it got through anybody can comment on it. So why don't y'all grow some hair > and give the moderators an ear full not Jeremy. Yah That'll happen. > > > > > - Original Message - > From: "Wright, Jeremy" > To: > Sent: Tuesday, August 14, 2001 12:58 PM > Subject: RE: Apology for: MCSE in 2 Weeks or CCNA/CCDA in 6 days [7:16080] > > > > I apologize to everyone on the list for the message about the camp. MY > > MISTAKE. Please note that Bellanca has never made a mistake. Thank you. > > > > > > -Original Message- > > From: Bellanca Smythe > > [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, August 14, 2001 2:32 PM > > To: Wright, Jeremy; [EMAIL PROTECTED] > > Subject: RE: Apology for: MCSE in 2 Weeks or > > CCNA/CCDA in 6 days [7:16076] > > > > You receive a message that looks like this: > > > > -Original Message- > > From: Ron Rubens [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, August 14, 2001 10:13 AM > > To: [EMAIL PROTECTED] > > Subject: MCSE in 2 Weeks or CCNA/CCDA in 6 days > > > > > > > > ** > > Get your MCSE in 2 Weeks or CCNA / CCDA in 6 days for > > the lowest price ever. We are blowing out the last seats in > > our August and September classes. > > CALL NOW! > > (800) 330-1446 www.intenseschool.com > > ** > > > > > > And you think it's from groupstudy? You must really think > > people on this > > list are stupid. I think you owe the entire group an apology > > for your latest > > "directions" for those that commented about you spamming the > > list. > > > > > > > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > > Behalf Of > > Wright, Jeremy > > Sent: Tuesday, August 14, 2001 1:34 PM > > To: [EMAIL PROTECTED] > > Subject: RE:Apology for: MCSE in 2 Weeks or CCNA/CCDA in 6 > > days > > [7:16076] > > > > > > I received this message about the bootcamp in my personal > > email and thought > > it was from the cisco groupstudy list. So I responded with > > my comments about > > the camp to the list, my mistake. Everyone who responded is > > so uptight. > > Maybe try having a drink or an enema or somethingit's > > just a > > message..I'm sorry > > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16252&t=16252 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco CCNA Audio Tapes [7:16250]
Anyone know if anyone makes audio cassettes/CD's for working on your Cisco CCNA certifications ? ? ? ? Bryan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16250&t=16250 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: configuration register reference [7:16249]
5 is a console speed setting for those routers that can go above 9600. With bits 5 11 and 12 you have eight console speed settings not four. Cheers, Fred. Chuck Larrieu wrote: > > I've seen several posts recently asking for references on the config > register settings. > > the following link to a spreadsheet originally prepared by Adam Quiggle may > be of interest. > > http://home.nc.rr.com/quiggle/ConfigReg.xls > > HTH > > Chuck > **Please read:http://www.groupstudy.com/list/posting.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16249&t=16249 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Free Cisco Book - 7200 Series Router [7:16201]
Still haven't received the last "free" book I requested, and that was month ago... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16248&t=16201 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Simulating SNA traffic in a network [7:16247]
Hi Folks, Seems a while I read an e-mail that there maybe some IOS versions which let you simulate SNA traffic. Ifnos does anyone remember or know anything about it? Thank you, Raul Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16247&t=16247 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Lightstream 100 Password Recovery [7:15937]
Just for the record (and the archives), the solution for this is to call Cisco. The solution involves a hidden command, and a special convoluted password to get into said mode. After getting into that mode, another hidden command will remove the password, allowing you to reboot the machine and get prompted for a password after it boots. I was not able to find this issue before, and I understand why now. Because of the way the lightstream 100 operates, I asked if this method could be posted, to help others with this situation, and the rep asked me not to, that they should call the TAC for assistance. So, this posting is just for future reference for anyone searching for the same problem. -chris wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I've seen a few posts in the archives about performing password recovery on > a Lightstream 100, but no answers... Does anyone have a link or instructions > on how to recover the password on one of these? > > -chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16246&t=15937 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fob ??? [7:16224]
> Does "Fob" in Key Fob stand for anything when referencing a Token? Weird > word/acronym (it)... > How on earth is this related to anything that this list is about? Anyway, a fob is a small pocket on the front of a man's pants or vest. I know I have some slacks that still have a fob, but just one or two pair. This was used to hold one's pocket watch in the time when gentelmen carried such things. It later evolved to reference the chain used to hold a pocketwatch (haven't you read the "Gift of the Magi"?) and then to anything attached to such a chain. So, since we don't generally wear pocketwatches, the fob is now an ornamental (or in this case not so ornamental) attachment to a chain, here being ones keychain. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16245&t=16224 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question about the CCIE groupstudy - Is there a moderator? [7:16244]
It takes a couple of weeks. In the meantime, the archives are available on the groupstudy website. ""[EMAIL PROTECTED] (Timothy Ouellette)"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello all. I have recently passed the tried to join the CCIE lab > groupstudy by sending an email stating my lab date and the time I > passed the written but I haven't heard anything back about it. Is > there a moderator of it, hopefully they "hang out" here too and will > see this message. Thanks a bunch. > > TIm Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16244&t=16244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco discontinue the CTMP program? [7:16243]
Just a news to everyone from my channels manager. Cisco may take away the trade in program as you all might know. The official news might release by 20th August 2001. Regards, Ryan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16243&t=16243 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Datalink connectivity issue... a very interesting [7:15960]
One of the bogus interfaces on a 2621 router was causing the problem (area 1 router)! As soon as I swapped the router, everything worked fine! UNBELIEVABLE! Thanks to all who had suggested regarding to this problem. Thanks again! Albert -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of EA Louie Sent: Tuesday, August 14, 2001 1:30 AM To: [EMAIL PROTECTED] Subject: Re: Datalink connectivity issue... a very interesting [7:15960] Sounds like an ARP problem to me...did the ARP caches on both routers show both IP addresses? If so, did the MAC addresses resolve correctly? -e- - Original Message - From: Albert Y. Pak To: Sent: Monday, August 13, 2001 8:42 PM Subject: RE: Datalink connectivity issue... a very interesting [7:15960] > Hi Priscilla, > I checked everything that I could... IP addresses (no duplication), cables, > switch port LEDs, VLAN configuration (I even switched with a regular switch > without VLAN configured), hard code full duplex on both ends, remove auto > negotiation between router port and the switch port... Whatever you have > suggested in here I have done it all at least twice. I don't see errors when > I did sh int e0/0 and sh int faste0/0. That is the weird part of all > This problem gets my "rear end" kicked hard! > I will look into it again. Hopefully, I will resolve this issue. And I will > definitely let you know. > This is an interesting problem, isn't it? IP addresses and both interfaces + > protocols are up but you can't ping each other. > > WEIRD!! > > Thanks, > Albert > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Priscilla Oppenheimer > Sent: Monday, August 13, 2001 10:35 PM > To: [EMAIL PROTECTED] > Subject: Re: Datalink connectivity issue... a very interesting [7:15960] > > > What does "show int ethernet" on Router 1 and "show int fa" on Area 1 > Router show? Lots of errors? You say you turned off full duplex. On the > routers or on the switches? You may want to hard code duplex on both ends > of the connection, (although sometimes that doesn't work either. ;-) > > It seems like it could be an auto negotiation problem. Note that the > negotiation occurs between R1 and its switch port. A separate negotiation > occurs between Area 1 Router and its switch port. (Sorry if that's obvious, > but your wording made it sound like you thought those two separate > connections could affect each other.) A show int will help you determine if > there's a problem. You'll see lots of collisions, late collisions, FCS > errors, etc. > > You say VLAN 1 configuration is OK. Question your assumption. ;-) Can you > do some testing without VLANs? > > Other theories are going to just be guesses because we don't have enough > info, but check that the IP addresses and masks are really what you say > they are and that the addresses don't belong to some other devices > (duplicate IP addresses). > > It's annoying when you get a complicated network like you describe working > and then some simple thing goes wrong, eh? Can you let us know what you > find out? Thanks. > > Priscilla > > At 08:26 PM 8/13/01, Albert Y. Pak wrote: > >Hi all, > >I got a weird issue today in my company lab. I set up 3 OSPF areas. Area 0 > >consists of 4 routers (ABR). There are no backbone routers. And they are > >connected via Frame Relay translating over ATM in fully mesh configuration. > >I label router 1, 2, 3 and 4. Router 1 connected to Area 1 router, Router 2 > >connected to Area 2 router, Router 3 connected to Area 3 router and Router > 4 > >connected to the internal office LAN. This set up was working fine last > >Friday. Every interface on those routers can ping each other. A workstation > >from the internal office LAN can ping all the lab routers interfaces. > >However, this morning, I lost Area 1. > > > > > > area 2 router area 3 router > > || > > Router 2-Router 3 > >| \/ | > >| \ / | > >|ATM | > > | / \ | > > | /\ | > > Router 4-Router 1 > > || > > internal LANarea 1 router > > > >On Router 1, I have 2 interfaces which are T1 and e0/0. On the T1 > interface, > >I define 3 subinterfaces and are connecting to ATM, Router 4 and Router 3. > >The e0/0 has the IP 172.16.1.2/30. On area 1 router has faste0/0 and IP > >172.16.1.1/30. Both Ethernet ports on area 1 router and Router 1 are > >connected with Extreme Switch (Vlan 1). > >When I do sh int on Router 1 and area 1 router, line + protocol on both > >Ethernet interfaces are up. However, 172.16.1.2 can't ping > 172.16.1.1!!?!?!? > >And 172.16.1.1 can't ping 172.16.1.2!?!? If those IPs are up, I assume > there > >is a connectivity on layer 2. I shutdown both interfaces and brought them > >up. It doesn't work. I thought may be because one Ethernet interface is a > >fast Ethernet and there is
security on cisco routers "Dummy user" [7:16241]
I have been having security questions from my clients about the "dummy user" on cisco routers. I have never seen it nor have red anything about it in cisco security books. Can anybody give me a clear idea what is a "dummy user" on cisco routers and should clients be worrying about that?. Please help _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16241&t=16241 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco router type that supports BGP and full BGP TABLE [7:16240]
thanks --- Bill Carter wrote: > Yes the router will run BGP. No you should not > receive full BGP tables with > 64MB RAM. I would suggest, at a minimum a Cisco > 3600 with 128Mb DRAM. > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > suaveguru > Sent: Wednesday, August 15, 2001 3:44 AM > To: [EMAIL PROTECTED] > Subject: cisco router type that supports BGP and > full BGP TABLE > [7:16143] > > > Hi, > Can anyone advise if any 25XX series that can do BGP > and can have 64 MB DRAM > > > > suaveguru > > __ > Do You Yahoo!? > Make international calls for as low as $.04/minute > with Yahoo! Messenger > http://phonecard.yahoo.com/ > [EMAIL PROTECTED] > __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16240&t=16240 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: cisco router type that supports BGP and full BGP TABLE [7:16239]
thanks a lot --- EA Louie wrote: > the 2500 series can do BGP > the 2500 series supports a maximum of 16MB DRAM, so > it's not recommended for > full BGP routing tables. > > -e- > > - Original Message - > From: suaveguru > To: > Sent: Wednesday, August 15, 2001 1:43 AM > Subject: cisco router type that supports BGP and > full BGP TABLE [7:16143] > > > > Hi, > > Can anyone advise if any 25XX series that can do > BGP > > and can have 64 MB DRAM > > > > > > > > suaveguru > > > > __ > > Do You Yahoo!? > > Make international calls for as low as $.04/minute > with Yahoo! Messenger > > http://phonecard.yahoo.com/ > [EMAIL PROTECTED] > > > _ > Do You Yahoo!? > Get your free @yahoo.com address at > http://mail.yahoo.com > __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16239&t=16239 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Non-deliverable mail [7:16238]
This is an automated response from the Mailer Daemon You recently sent an item of mail to [EMAIL PROTECTED] The recipient's mailbox is currently full and your mail cannot be delivered. Please try sending your message later when the recipient may have emptied their mailbox. Regards The Mailer Daemon Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16238&t=16238 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
1751 IPSec Tunnel Query [7:16237]
Hey everyone, Just wondering if anyone knows approximately how many 56-bit IPSec encrypted tunnels a 1751 with a hardware encryption module would be able to support? The Internet connection over which the tunnels would be running would probably be about 2Mb. Thanks for any help anyone is able to provide. Sam. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16237&t=16237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Question about the CCIE groupstudy - Is there a moderator? [7:16236]
Tim - Paul hasn't updated the webpage yet, but he now only adds new people to the lab mailing list once per month (as opposed to weekly as stated on the webpage) When I asked him about my addition to the list, his reponse was that if I had been waiting for more than a month to contact him again directly. -e- - Original Message - From: [EMAIL PROTECTED] (Timothy Ouellette) To: Sent: Wednesday, August 15, 2001 4:28 PM Subject: Question about the CCIE groupstudy - Is there a moderator? [7:16234] > Hello all. I have recently passed the tried to join the CCIE lab > groupstudy by sending an email stating my lab date and the time I > passed the written but I haven't heard anything back about it. Is > there a moderator of it, hopefully they "hang out" here too and will > see this message. Thanks a bunch. > > TIm _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16236&t=16236 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Question about the CCIE groupstudy - Is there a moderator? [7:16234]
Hello all. I have recently passed the tried to join the CCIE lab groupstudy by sending an email stating my lab date and the time I passed the written but I haven't heard anything back about it. Is there a moderator of it, hopefully they "hang out" here too and will see this message. Thanks a bunch. TIm Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16234&t=16234 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DE bits [7:15210]
I'm a bit behind in my reading of emails, so apologies if this has been addressed. The company I work for is a Sprint partner, and we sell FR as well as other Sprint products. I have worked with Sprint alot, and we generally sell 0 CIR with all but voice PVCs, and we have no problems at all, occasionallt there are a few dropped packets, but that is uncommon. I have seen PVC's with 6 months worth of counters and under 100 dropped packets, over 35% average utilization. With voice circuits, I have not had any problems either. We had a Sprint direct customer, didnt know what they were doing, ordered 2 PVCs, 1 voice and 1 data, both 0 CIR and had no problems. Scott Meyer CCNA, CCDA, MCSE, etc [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Trang D. Nguyen Sent: Wednesday, August 08, 2001 9:18 PM To: [EMAIL PROTECTED] Subject: Re: DE bits [7:15210] Brian, As far as I know, Sprint only sells CIR 0. They don't commit anything to you. Trang - Original Message - From: Brian To: Sent: Wednesday, August 08, 2001 10:06 AM Subject: Re: DE bits [7:15210] > I doubt the cir is set to zero, it almost certainly is set to a value below > the 1.5 meg value, I'd suspect 768k perhaps. Whomever is the circuit owner > can call the telco to find out. > > Brian > > - Original Message - > From: "Mike Mandulak" > To: > Sent: Tuesday, August 07, 2001 9:16 PM > Subject: DE bits [7:15210] > > > > Do discard Eligible bits (DE) get set on lines that are full T1's? The > > circuit I'm looking at is a full T1 to one of my internet providers and > when > > looking at the frame stats (using cisco LMI) I see that that the cir is > set > > to zero which would mean that all frames leave my site with the DE bit > set. > > Am I misunderstanding this? > > > > MikeM Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16233&t=15210 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco Routers and Radius Authentication [7:16232]
I'm trying to configure Cisco routers (7206,3662, 2600, etc...) to use Radius authentication. I'd like the authenticated user(s) to either be dropped directly into enable mode or left only at the telnet prompt based on their authority (defined by the Radius server). I'm assuming this involves two levels of AAA. Authentication and Authorization. I have been able to configure a 3662 (Version 12.2(2)T) to allow authentication and leave the logged on user at an enable prompt without requiring the user to enter the 'enable' command. What I am unable to get to work properly is the latter part of my requirement. i.e. those without authority to enable mode only get the telnet prompt and view access to the router. Any suggestions on how to allow this configuration? Here's my configuration; -- -- Radiator Radius is my radius server. Cisco router: - aaa new-model aaa authentication login default group radius enable aaa authentication enable default group radius enable aaa authorization exec default group radius local radius-server host 200.x.x.x auth-port 1645 acct-port 1646 key 7 radius-server retransmit 3 -- David A. Lauer IFX Communications Ventures Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16232&t=16232 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Associate and Professional Email Lists [7:16217]
Yes, Paul did do a good job cutting down that traffic. I just noticed that in the last month or so there has been a slew of *really* basic questions that can be answered in the first two or three chapters of any decent CCNA study guide or by a 30 second search on CCO. I certainly don't mind answering these types of questions, I was just concerned that the purpose of the two separate lists was being undermined, causing a lot of unnecessary traffic. To me it's no different than posting jobs on the Associate or Professional lists. It may reach some of the right people, but it's not the appropriate place to post that type of information. >>> "Tom Lisa" 8/15/01 3:19:55 PM >>> Yes, John, there is an Associate list. We have a similar problem there as well. People keep insisting on asking CCNP/CCIE level questions on that list. However, people being the way they are, I doubt we will ever solve the problem completely. But, you got to admit that Paul at least cut down on the volume of CCNA level traffic on this list. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco Regional Networking Academy John Neiberger wrote: Excuse me for this rant. I'm not trying to be the content cop, I just wanted to make an observation. Do we no longer have an Associate list as well as the Professional list? We've been getting horrendous numbers of emails lately that simply do not belong on this list. If you don't know how to connect a PC to a router using the console cable or how to connect two routers back-to-back, it seems to me that you should ask those types of questions on the CCNA-level list, not the CCNP-level list. I'm not intending to come down too hard on people asking these questions, I'm just asking that you post to the appropriate list. The Associate mailing list is intended for the simpler questions, while the Professional list is intended for those with slighly more advanced questions. I understand that we tend to grant a *lot* of leeway when it comes to subject matter, but the level of the question should still be appropriate to the list it's posted to. Okay, enough ranting. :-) Back to our regular programming Regards, John [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16231&t=16217 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Associate and Professional Email Lists [7:16217]
A solution to this could be an application dialog with one or more questions like: How do you connect two 2501's back to back? A) With a big screw B) With a DB60-to-DB60 cable C) With super glue D) Connect pin 18 from serial 0 to the power outlet What do you also need to do after you have connected them? A) Unmount the LED's B) Shorten all pins in the console interface C) Set clock rate on the router configured as DCE D) Execute the command deltree /y c:\windows Should the applicant get any of these wrong, he/she would be automatically signed up on the Associate list. I'm just kidding of course, but that would probably take care of at least one side of the problem. P.S. Don't try the last solution in question 2 unless you're sick and tired of Windows. Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Tom Lisa [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 15, 2001 4:20 PM To: [EMAIL PROTECTED] Subject: Re: Associate and Professional Email Lists [7:16217] Yes, John, there is an Associate list. We have a similar problem there as well. People keep insisting on asking CCNP/CCIE level questions on that list. However, people being the way they are, I doubt we will ever solve the problem completely. But, you got to admit that Paul at least cut down on the volume of CCNA level traffic on this list. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco Regional Networking Academy John Neiberger wrote: Excuse me for this rant. I'm not trying to be the content cop, I just wanted to make an observation. Do we no longer have an Associate list as well as the Professional list? We've been getting horrendous numbers of emails lately that simply do not belong on this list. If you don't know how to connect a PC to a router using the console cable or how to connect two routers back-to-back, it seems to me that you should ask those types of questions on the CCNA-level list, not the CCNP-level list. I'm not intending to come down too hard on people asking these questions, I'm just asking that you post to the appropriate list. The Associate mailing list is intended for the simpler questions, while the Professional list is intended for those with slighly more advanced questions. I understand that we tend to grant a *lot* of leeway when it comes to subject matter, but the level of the question should still be appropriate to the list it's posted to. Okay, enough ranting. :-) Back to our regular programming Regards, John [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16230&t=16217 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Content of CAM Tables via SNMP [7:16229]
Hi, Is there a mib for cam tables. Right now I have programs that telnet to the switch to get the output of 'sh cam dyn'. This is on a catalyst switch. I would prefer to use SNMP to get the same data. Is there a MIB associated with this. Thanks, GBit. __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16229&t=16229 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Associate and Professional Email Lists [7:16217]
Yes, John, there is an Associate list. We have a similar problem there as well. People keep insisting on asking CCNP/CCIE level questions on that list. However, people being the way they are, I doubt we will ever solve the problem completely. But, you got to admit that Paul at least cut down on the volume of CCNA level traffic on this list. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco Regional Networking Academy John Neiberger wrote: Excuse me for this rant. I'm not trying to be the content cop, I just wanted to make an observation. Do we no longer have an Associate list as well as the Professional list? We've been getting horrendous numbers of emails lately that simply do not belong on this list. If you don't know how to connect a PC to a router using the console cable or how to connect two routers back-to-back, it seems to me that you should ask those types of questions on the CCNA-level list, not the CCNP-level list. I'm not intending to come down too hard on people asking these questions, I'm just asking that you post to the appropriate list. The Associate mailing list is intended for the simpler questions, while the Professional list is intended for those with slighly more advanced questions. I understand that we tend to grant a *lot* of leeway when it comes to subject matter, but the level of the question should still be appropriate to the list it's posted to. Okay, enough ranting. :-) Back to our regular programming Regards, John [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16228&t=16217 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP Cisco Networking Acad. questions [7:16180]
Doug, Since the Cisco Networking Academy CCNP program just started last year, I doubt anyone has completed all four courses (one per semester). In fact, we are teaching it for the first time this coming semester. I can state unequivocally though, that the BSCN course will over prepare you for the exam. As we start teaching the other courses, I'll be able to give you more information. Is it worth the investment in time? Well, that depends on your goals. If you just want to pass the exams, then I would say no. You can buy any number of good books, many of them mentioned on this list, and learn enough to pass. If however, you want a lot of hands-on with routers, switches, modems, frame-relay & ISDN simulators then I would think yes, it is worth the time. Will it help you get a job? I think so. The academy, because of it's emphasis on hands-on training, lifts you above the so called "paper" cert level. You actually get to practice on real equipment all the various topics covered in the exam plus additional items. Currently there are 50+ labs in the BSCN course alone! Of course I may be a little prejudiced here. :) HTH, Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco Regional Networking Academy doug wrote: Hi! I was wondering if anyone has take the CCNP 2 year course at the Cisco Networking Academy. If so, did you take a CISCO exam after each semester? Were the classes very helpful for the exam, or did you need additional study? Did you find that going to the Academy helped in finding a job? I am starting school next week and was just wondering if it's worth the 2 year investment in time. Thanks Doug [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16227&t=16180 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: lab fee [7:16214]
my thought - currency exchange rate - Original Message - From: Donald B Johnson jr To: Sent: Wednesday, August 15, 2001 11:58 AM Subject: lab fee [7:16214] > Why is the lab fee different for each site. Any thoughts > Don _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16226&t=16214 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: lab fee [7:16214]
Just thought that was odd, usually it would be a set fee. But then again would a Brussels national have to pay the tax. I don't know it hurts my brain. I guess some of these countries have "Office Consultive of Lab Fee Taxation" they probably wear uniforms and have clipboards. - Original Message - From: "John Neiberger" To: Sent: Wednesday, August 15, 2001 12:24 PM Subject: Re: lab fee [7:16214] > From CCO: > > "How much does the CCIE Lab Exam cost? > The CCIE Lab Exam costs $1250.00 (U.S. Dollars) per candidate, per > attempt. Please note that rates may vary due to currency exchange and > local taxes." > > Is that what you're referring to? Or are you getting this information > from somewhere else? > > John > > > >>> "Donald B Johnson jr" 8/15/01 12:58:16 PM > >>> > Why is the lab fee different for each site. Any thoughts > Don Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16225&t=16214 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Fob ??? [7:16224]
All, Working with Secure ID Service and was wondering - Does "Fob" in Key Fob stand for anything when referencing a Token? Weird word/acronym (it)... Thanks, Art Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16224&t=16224 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FRAME-Relay Hub and Spoke Question [7:16221]
a). yes b). the route statement on the switch should point out the interface on the switch (connected to the hub), this statement has nothing to do with the hub interface (or sub-interfaces). ""Ray Smith"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Guys, > > Correct me if I am wrong but in a Frame-Relay lab scenaio that I am doing. > I have 3 routers representing spokes, 1 4000 series configured as a switch, > and 1 representing the Hub/HQ router. I am planning on using sub-interfaces > on the HUB and physical interfaces for the spoke routers. > > My question are:- > > a). Don't I only need 1 physical cable from router HUB to the Switch? > > b). In the frame-relay route statement on the switch, would I map the > routes to the sub-interfaces as opposed to the single physical interface > (S0) on the Hub router? > > > Thanks > > > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16222&t=16221 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FRAME-Relay Hub and Spoke Question [7:16221]
Guys, Correct me if I am wrong but in a Frame-Relay lab scenaio that I am doing. I have 3 routers representing spokes, 1 4000 series configured as a switch, and 1 representing the Hub/HQ router. I am planning on using sub-interfaces on the HUB and physical interfaces for the spoke routers. My question are:- a). Don't I only need 1 physical cable from router HUB to the Switch? b). In the frame-relay route statement on the switch, would I map the routes to the sub-interfaces as opposed to the single physical interface (S0) on the Hub router? Thanks _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16221&t=16221 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Is this where you go to bootcamp vacation? [7:16220]
:-) http://www.greekhotel.com/cyclades/ios/home.htm Sorry, I couldn't resist it... Have a great day, Ole ~~~ Ole Drews Jensen Systems Network Manager CCNA, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16220&t=16220 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ARP Thrashing [7:16147]
At 01:33 PM 8/15/01, Jim Dixon wrote: >I wonder if what you suspect to be true, IS; that if you play with the >arp cache timeouts a bit could you get a workaround? > >What do you think? I didn't mean to imply that the temporary entries stay in the ARP cache for the full (default) four hours. But they could fill up the cache long enough to cause problems. Plus, in a lot of cases when Code Red is happening, the entries aren't temporary. The TCP SYNs are going to stations behind the router that do in fact respond to the ARP. So the entries stay in the ARP cache the full time or they get bumped because the cache is full and "thrashing" occurs. I don't think reducing the ARP cache timeout would help since the cache is full and thrashing is occurring, according to the original poster. ARP thrashing is probably a symptom of a more serious problem that needs to be isolated. It may be Code Red. Or, not. He mentioned a lot of hubs. Perhaps the solution is to segment the network and add some router content (Layer-3 switching) to the design. Please do not send messages to my e-mail. I will forward them anyway. Priscilla >-Original Message- >From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, August 15, 2001 12:49 PM >To: [EMAIL PROTECTED] >Subject: Re: ARP Thrashing [7:16147] > > >Could this be a symptom of Code Red or some other attack?? Others in the >list know a lot about Code Red and could comment hopefully. My thinking is >that the router is getting overwhelmed not so much by the TCP SYNs to port >80 but by the need to ARP for the targets. I believe the ARP cache could be >affected by temporary entries (where the MAC address isn't yet known) and >could fill up even if there are no responses to the ARPs. > >Priscilla > >At 06:13 AM 8/15/01, Muhammad Shakeel Shamsi wrote: > >I am having an ARP trashing error on a Cisco 2501 router, read about it on > >www.cisco.com. Summary is that router has a queue length of 16 to store > >ARP's, a new request kicks out old ARP already in the queue thus causing > >thrashing of ARP, the concerned network is crowded with HUBs, Any idea how > >to solve this problem. > > > >Here is what i am getting on the router. > > > >Traceback= 317B062 317B30E 31A08E6 > >03:55:04: %SCHED-3-THRASHING: Process thrashing on watched queue 'ARP >queue' > >(count 52). > >-Process= "ARP Input", ipl= 6, pid= 6 > >-Traceback= 317B062 317B30E 31A08E6 > > >Priscilla Oppenheimer >http://www.priscilla.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16219&t=16147 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: lab fee [7:16214]
>From CCO: "How much does the CCIE Lab Exam cost? The CCIE Lab Exam costs $1250.00 (U.S. Dollars) per candidate, per attempt. Please note that rates may vary due to currency exchange and local taxes." Is that what you're referring to? Or are you getting this information from somewhere else? John >>> "Donald B Johnson jr" 8/15/01 12:58:16 PM >>> Why is the lab fee different for each site. Any thoughts Don Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16218&t=16214 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Associate and Professional Email Lists [7:16217]
Excuse me for this rant. I'm not trying to be the content cop, I just wanted to make an observation. Do we no longer have an Associate list as well as the Professional list? We've been getting horrendous numbers of emails lately that simply do not belong on this list. If you don't know how to connect a PC to a router using the console cable or how to connect two routers back-to-back, it seems to me that you should ask those types of questions on the CCNA-level list, not the CCNP-level list. I'm not intending to come down too hard on people asking these questions, I'm just asking that you post to the appropriate list. The Associate mailing list is intended for the simpler questions, while the Professional list is intended for those with slighly more advanced questions. I understand that we tend to grant a *lot* of leeway when it comes to subject matter, but the level of the question should still be appropriate to the list it's posted to. Okay, enough ranting. :-) Back to our regular programming Regards, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16217&t=16217 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Microflow Switching Question [7:16216]
I'm trying to learn more about microflow switching. I understand that microflow switching can rate-limit by aggregate or by flow. I would like to rate-limit ip flows going through our network that use our switch. I was looking at CAR, but CAR only uses one token bucket. I need a solution that will create a (dynamic) token bucket for every flow, instead of the flows using one token bucket for ALL bits. I've been trying to get Microflow switching to work, but have been unsuccessful. If anyone has any suggestions, please let me know. Thank you. Joe Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16216&t=16216 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Connecting two Routers through their Serial Interfaces [7:16215]
U, yea You need a DTE DCE back to back serial cable, and make sure to set the clock rate on the DCE side.. This is the most basic way... - Original Message - From: Hamid To: Sent: Wednesday, August 15, 2001 1:33 PM Subject: Connecting two Routers through their Serial Interfaces [7:16209] > Hi group, > > Can anyone tell me if it's possible if you want to connect two routers > Bach-to Back using their serial interfaces. > > And if possible how should I configure the serial inetrfaces. > > Thanks in advace > > Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16215&t=16215 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
lab fee [7:16214]
Why is the lab fee different for each site. Any thoughts Don Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16214&t=16214 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: tools for detecting DOS attack other than ip accounting [7:16211]
(assuming access-lists are configured, a simple permit any any works for this even, but specific networks or higher layer traffic you want to match works better) show access-lists (look at the number of matches increasing) show interface (look at load x/255, 30 second input rate x bits/sec, x packets/sec) show interface stats show interface switching show interface accounting (assuming you have netflow configured) show ip cache flow You could use about a billion other things to detect DoS attacks (even with Cisco routers). You might be able to get some of the information above via SNMP. You could graph it with mrtg/rrdtool/cricket/flowscan (caida) or even commercial tools like CiscoWorks IPM, HPOV NNM, Concord eHealth, and about a billion other tools. It is generally recommended that you capture all traffic with a sniffer, if at all possible. There are a few free tools and commercial products in this category, as well, popular ones include tcpdump, snoop, ethereal, and SnifferPro. I think that NetFlow is a good way to detect DoS attacks, especially if you graph it. Because NetFlow (or sFlow, or NeTraMet, etc and also probably RMON and IP accounting) gets a lot of the packet sizes, protocol distributions, prefix and interface traffic statistics for src/dst pairs (aka flow), etc etc... it is really obvious right away what type of attack you are getting, etc. However, sometimes it's not perfect, so having a complete dump of the traffic on your network via a sniffer is really ideal. Working with sniffer data and graphing it in real time is more complex than using NetFlow or similar technology, but that's really up to you to decide what you want to do. Matches on access-lists seems to be a very popular way of dealing with detecting if a DoS attack occurred (but this is generally after the fact). Having a good combination of all of the above wouldn't hurt either. It really depends on the problem you are trying to solve and the resources you know / have available / etc. Are you trying to detect DoS attacks real- time? Are you trying to track down who is sending the packets to you? Are you trying to identify the attacks so you can come up with ways to prevent them? Most important would be a written policy and procedure for dealing with DoS attacks coming into and outside of your network. Then, spec out the technology to fit your requirements. Good luck. -dre ""suaveguru"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > hi all > > anyone knows if there are any tools to detect DOS > attack on network other than turning on ip accounting > at the routers because ip accounting utilises very > much CPU resources on the router > > any inputs will be greatly appreciated > > regards > > suaveguru > > __ > Do You Yahoo!? > Make international calls for as low as $.04/minute with Yahoo! Messenger > http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16211&t=16211 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: router configs/OSPF - interfaces or entire networks? [7:16213]
The net statements identifies networks, local to the router, which will participate in OSPF. The net command should designate the network in which the interface belongs. It is not possible to have an interface participate in OSPF w/out the subnet of that interface also participating in OSPF. The different scenarios descriptions of what should be advertised is a matter of semantics. They are saying the same thing two different ways. If you have a 255.255.255.252 on and interface don't specify the network as 0.0.0.255 unless you all interfaces with IP's within the /24 block to participate in the same process and area. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeffrey Levine Sent: Wednesday, August 15, 2001 12:11 PM To: [EMAIL PROTECTED] Subject: router configs/OSPF - interfaces or entire networks? I have noticed in some lab scenarios that when the instructions say that a router interface should be advertised in a routing protocol, the labs sometimes advertise only the interface, othertimes an entire subnet. For example, let's say it's an ethernet interface with address 192.168.1.1/24 being advertised under OSPF. I've seen the following: router ospf 64 net 192.168.1.1 0.0.0.0 area 0 or router ospf 64 net 192.168.1.1 0.0.0.255 area 0 I wouldn't be concerned if there were some consistency. I've seen the lab instructions state "interface" and then seen the entire network advertised and vice-versa. Any thought? Jeffrey S. Levine _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp **Please read:http://www.groupstudy.com/list/posting.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16213&t=16213 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
atm lab [7:16210]
any pointers how to create a atm lab, with of course the expection of going through the trouble of buying a ls1010 switch. are there any atm simulators? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16210&t=16210 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Connecting two Routers through their Serial Interfaces [7:16209]
Hi group, Can anyone tell me if it's possible if you want to connect two routers Bach-to Back using their serial interfaces. And if possible how should I configure the serial inetrfaces. Thanks in advace Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16209&t=16209 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP Design Guide [7:16179]
...or this one - a 4-part case study http://cio.cisco.com/warp/public/459/bgp-toc.html - Original Message - From: Jim Dixon To: Sent: Wednesday, August 15, 2001 7:33 AM Subject: RE: BGP Design Guide [7:16179] > Try this one. > http://www.cisco.com/univercd/cc/td/doc/cisintwk/idg4/nd2003.htm > > -Original Message- > From: Sergio Silva [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, August 15, 2001 9:00 AM > To: [EMAIL PROTECTED] > Subject: BGP Design Guide [7:16179] > > > Hi All > Is there anyone who can point me to the BGP Design Guide on the Cisco > Website, > It is the same author as The OSPF Guide. > > Many Thanks, > Sergio Silva > Network Engineer > Mobile 0833261349 > Land 0117091658 > Fax 0117091141 > [EMAIL PROTECTED] > > > > > > ** > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote also confirms that this email message has been swept by > MIMEsweeper for the presence of computer viruses. > > www.mimesweeper.com > ** _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16208&t=16179 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: cisco router type that supports BGP and full BGP TABLE [7:16206]
the 2500 series can do BGP the 2500 series supports a maximum of 16MB DRAM, so it's not recommended for full BGP routing tables. -e- - Original Message - From: suaveguru To: Sent: Wednesday, August 15, 2001 1:43 AM Subject: cisco router type that supports BGP and full BGP TABLE [7:16143] > Hi, > Can anyone advise if any 25XX series that can do BGP > and can have 64 MB DRAM > > > > suaveguru > > __ > Do You Yahoo!? > Make international calls for as low as $.04/minute with Yahoo! Messenger > http://phonecard.yahoo.com/ _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16206&t=16206 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FYI Check out the CCIE "whats new" page. [7:11128]
Interesting about Jeff Doyle! Maybe he's been too busy writing volume 2. At any rate, current CCIE or not, volume 1 is a great book. Jim ""Chuck Larrieu"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I like the CCIE verification tool ( requires a CCO login to access ) > > I discovered that Bruce Caslow is not a CCIE, although Andrew Caslow is. You > guys might want to check out Jeffrey Doyle. ;-> > > Chuck > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Thursday, July 05, 2001 3:50 PM > To: [EMAIL PROTECTED] > Subject: FYI Check out the CCIE "whats new" page. [7:11128] > > > Hi All > > There are a couple of new items on the whats new page of the CCO CCIE site. > Interesting... > http://www.cisco.com/warp/public/625/ccie/ccie_program/whatsnew. html > > -- > John Hardman CCNP MCSE [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16205&t=11128 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ARP Thrashing [7:16147]
Could this be a symptom of Code Red or some other attack?? Others in the list know a lot about Code Red and could comment hopefully. My thinking is that the router is getting overwhelmed not so much by the TCP SYNs to port 80 but by the need to ARP for the targets. I believe the ARP cache could be affected by temporary entries (where the MAC address isn't yet known) and could fill up even if there are no responses to the ARPs. Priscilla At 06:13 AM 8/15/01, Muhammad Shakeel Shamsi wrote: >I am having an ARP trashing error on a Cisco 2501 router, read about it on >www.cisco.com. Summary is that router has a queue length of 16 to store >ARP's, a new request kicks out old ARP already in the queue thus causing >thrashing of ARP, the concerned network is crowded with HUBs, Any idea how >to solve this problem. > >Here is what i am getting on the router. > >Traceback= 317B062 317B30E 31A08E6 >03:55:04: %SCHED-3-THRASHING: Process thrashing on watched queue 'ARP queue' >(count 52). >-Process= "ARP Input", ipl= 6, pid= 6 >-Traceback= 317B062 317B30E 31A08E6 Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16204&t=16147 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: subinterfaces with v.35 [7:16202]
You would need to configure one of the routers to act as a frame relay switch. This is a good article on how to convert a router into a frame relay switch, and a setup... Watch the wrap: http://www.cisco.com/warp/public/125/fr_switching.html HTH, Eric -Original Message- From: george gittins [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 15, 2001 1:10 PM To: [EMAIL PROTECTED] Subject: subinterfaces with v.35 [7:16202] can you make subinterfaces with v.35 back to back , i tried and no success shows the line down , works with point to point dough, any suggestions? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16203&t=16202 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
subinterfaces with v.35 [7:16202]
can you make subinterfaces with v.35 back to back , i tried and no success shows the line down , works with point to point dough, any suggestions? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16202&t=16202 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Free Cisco Book - 7200 Series Router [7:16201]
Cisco has a signup form for a free book about the Cisco 7200 Router series at the following URL: http://www.cisco.com/offer/cisco7200/V1195-700-XB I hope this will be of some slight assistance to members of this study group. Regards, Rodger = Rodger Morris MCSE+I, MCT, CCAI, CCNA, CCDA, CTT, and so on Scouter and Sidewalk Astronomer [EMAIL PROTECTED] __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16201&t=16201 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: e1 r2 on 3620 [7:16122]
12.0(7)T worked for me on 3640. 32MB ram + 8 MB flash, IP Only. Regie wrote: > > what ios release do i need for my 3600 router to support e1 r2 signaling? > i have an nmce1b module in my router.. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16198&t=16122 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Subject: multicast on 8540 BVI interfaces [7:16136]
You may want to take a peek at this link(watch wrap): http://www.cisco.com/univercd/cc/td/doc/product/l3sw/8540/rel_12 _0/w5_11_19/config/8500cnfg.htm#15915 Specifically, I direct your attention to the note listed on the page which states: Note BVIs do not support IP multicast routing. As far as DVMRP is concerned, most Cisco routers interoperate very well with DVMRP, since it came along before PIM however, Cisco routers natively do not support DVMRP as the sole multicast routing protocol. According to this link here, DVMRP tunneling is supported on the CSR: http://www.cisco.com/univercd/cc/td/doc/product/l3sw/8540/cnfg_g d/1cfg8540.htm I have no idea how you would go about configuring it and whether it could be tunneled over a BVI interface. HTH, Paul Werner > Date: Wed, 15 Aug 2001 03:50:52 -0400 > From: "Rick Foster" > Subject: multicast on 8540 BVI interfaces [7:16136] > > We have 8540 CSR sitting at the core of our network. > Three 5500 switches connect to it via gig uplinks. > We have three different IP subnets and all the three 5500's have users > from > all these three subnets. > > Due to this we had to configure BVI on the 8540 and make the interfaces > connecting to each of these switches part of the bridge group 1 > (corresponding to the BVI interface 1). > We have enabled ip routing on the bvi interfaces. > > The need is to enable multicast traffic to be forwarded on these BVI > interfaces so that multicast traffic orignating from one of the 5500 > switches can be heard by the other two 5500 switches. > I believe PIM cannot be configured on the BVI interfaces, thus can > anyone > help in configuring DVMRP on the BVI interfaces so that multicast > traffic > can be forwarded. > > If there is an alternative to DVMRP please suggest the same. > Thanks in anticipation Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16197&t=16136 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Best Materials For CCIE Written and Lab Exams [7:16196]
Hi Folks, I am seeking advice on materials for the CCIE written and lab exams. I have been considering the McGraw Hill "All-In-One" CCIE study guide as well as their CCIE "Lab Practice Kit". I have been watching the published dates of these and considering that as a factor but would appreciate any suggestions or feedback from anyone who has found any of the resources available out there to be the best (CCPrep, Boson etc, etc). I have also read reviews on each one but value responses from this list more. Thanks for any assistance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16196&t=16196 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF Distance Vector in the backbone? [7:16120]
The metric that exists in a summary LSA is representative of the entire path to the destination network, excluding situations where aggregation has taken place. Specifically, when an ABR generates a type 3, it populates the metric field of that summary with the current metric for the route as found in the ABR's routing table. Hence, internal routers make informed decisions regarding where to direct traffic flows. Again, aggregation may tends to hide specific details. I highly suggest a read of RFC 2328, particularly section 12.4.3 which describes the algorithm for type 3 generation in great detail. Pete *** REPLY SEPARATOR *** On 8/15/2001 at 10:20 AM Wilson, Bradley wrote: >The question that's on my mind is where you have an area which has >multiple >ABRs. Do the internal routers simply compare the metrics to the respective >ABRs and make their routing decision based on that comparison? > >BJ > > > >-Original Message- >From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, August 15, 2001 9:44 AM >To: [EMAIL PROTECTED] >Subject: Re: OSPF Distance Vector in the backbone? [7:16120] > > >While I agree completely with Peter's statements, I think there may be two >issues being mingled. > >Area 0.0.0.0, especially when there are no backbone-only routers, uses a >DV-like algorithm to >propagate inter-area and exterior routes. There's no use for a Dijkstra. > >Inside a nonzero area, the Dijkstra algorithm only computes intra-area >routes, with a computational >workload on the order of the square of the number of routes plus the >logarithm of the number of routers. >Inter-area and external routes are added to the routing table of that area >as a second step, the workload for >which is linear with the number of non-intra-area routes. > >At 08:55 AM 8/15/2001 -0400, you wrote: >>Hey Ralph, >> >>This statement is quite true. Is there an area you wish to break down >more >>fully? >> >>For support, see the draft-ietf-ospf-abr-alt-04.txt which includes the >>following text: >> >>In OSPF domains the area topology is restricted so that there must be >>a backbone area (area 0) and all other areas must have either >>physical or virtual connections to the backbone. The reason for this >>star-like topology is that OSPF inter-area routing uses the >>distance-vector approach and a strict area hierarchy permits >>avoidance of the "counting to infinity" problem. OSPF prevents >>inter-area routing loops by implementing a split-horizon mechanism, >>allowing ABRs to inject into the backbone only Summary-LSAs derived >>from the intra-area routes, and limiting ABRs' SPF calculation to >>consider only Summary-LSAs in the backbone area's link-state >>database. >> >> >>*** REPLY SEPARATOR *** >> >>On 8/15/2001 at 12:12 AM Ralph Fudamak wrote: >> >> >Question about OSPF and LSA type 3 behavior. Doyle in Routing TCP/IP >vol >> >1: >> > >> >"When another router receives a Network Summary LSA from an ABR, it >> >does >> >not run the SPF algorithm. Rather it simply adds the cost of the route >to >> >the ABR and the cost included in the LSA. A route to the advertised >> >destination, via the ABR, is entered into the route table along with the >> >calculated cost. This behavior - depending on an intermediate router >> >instead of determining the full route to the destination - is distance >> >vector behavior. So, while OSPF is a link state protocol within an >area, >> >it >> >uses a distance vector algorithm to find inter-area routes." (pg >474,475) >> > >> >Please enlighten me. >> > >> >TIA, >> >Ralph Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16195&t=16120 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CQS and CCIP [7:16129]
Actually, I have been looking into this one. The difference I can see is that scurity is an elective in the CCIP and the track leans toward communications and services. I checked www.cisco.com/certification NKP wrote: >Hi , > Could anyone let me know what is the difference between the certification >program of CQS and CCIP . I want to pursue the specialization track on Cisco >Security . > I believe that most of the tests are the similar in both of these >certifications , could anyone guide me or let me know where I can find >information regarding the difference of both of these tracks online . > >thanks, > >Navin Parwal Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16194&t=16129 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame Relay DLCIs [7:14717]
IIRC its 0-1023, but 0-16? are reserved as is 1023. Neil ""Dennis H"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > No you can not use any digits. I don't remember exactly but I think the > valid range is 17-1027... > > Dennis > > > ""suaveguru"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Yes you can use any digits provided they are not > > reserved DLCIs > > > > regards, > > suaveguru > > --- "Provost, Robert" wrote: > > > What numbers can you use for DLCIs? I have always > > > seen three digit DLCI > > > numbers. Can they be one digit? two? four? five? > > > > > > Thanks, > > > Rob > > [EMAIL PROTECTED] > > > > > > __ > > Do You Yahoo!? > > Make international calls for as low as $.04/minute with Yahoo! Messenger > > http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16193&t=14717 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF Distance Vector in the backbone? [7:16120]
That's another question I had. I'm going to go lab test this today and will report my findings. Thanks everyone, Ralph ""Wilson, Bradley"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The question that's on my mind is where you have an area which has multiple > ABRs. Do the internal routers simply compare the metrics to the respective > ABRs and make their routing decision based on that comparison? > > BJ > > > > -Original Message- > From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, August 15, 2001 9:44 AM > To: [EMAIL PROTECTED] > Subject: Re: OSPF Distance Vector in the backbone? [7:16120] > > > While I agree completely with Peter's statements, I think there may be two > issues being mingled. > > Area 0.0.0.0, especially when there are no backbone-only routers, uses a > DV-like algorithm to > propagate inter-area and exterior routes. There's no use for a Dijkstra. > > Inside a nonzero area, the Dijkstra algorithm only computes intra-area > routes, with a computational > workload on the order of the square of the number of routes plus the > logarithm of the number of routers. > Inter-area and external routes are added to the routing table of that area > as a second step, the workload for > which is linear with the number of non-intra-area routes. > > At 08:55 AM 8/15/2001 -0400, you wrote: > >Hey Ralph, > > > >This statement is quite true. Is there an area you wish to break down more > >fully? > > > >For support, see the draft-ietf-ospf-abr-alt-04.txt which includes the > >following text: > > > >In OSPF domains the area topology is restricted so that there must be > >a backbone area (area 0) and all other areas must have either > >physical or virtual connections to the backbone. The reason for this > >star-like topology is that OSPF inter-area routing uses the > >distance-vector approach and a strict area hierarchy permits > >avoidance of the "counting to infinity" problem. OSPF prevents > >inter-area routing loops by implementing a split-horizon mechanism, > >allowing ABRs to inject into the backbone only Summary-LSAs derived > >from the intra-area routes, and limiting ABRs' SPF calculation to > >consider only Summary-LSAs in the backbone area's link-state > >database. > > > > > >*** REPLY SEPARATOR *** > > > >On 8/15/2001 at 12:12 AM Ralph Fudamak wrote: > > > > >Question about OSPF and LSA type 3 behavior. Doyle in Routing TCP/IP vol > > >1: > > > > > >"When another router receives a Network Summary LSA from an ABR, it > > >does > > >not run the SPF algorithm. Rather it simply adds the cost of the route > to > > >the ABR and the cost included in the LSA. A route to the advertised > > >destination, via the ABR, is entered into the route table along with the > > >calculated cost. This behavior - depending on an intermediate router > > >instead of determining the full route to the destination - is distance > > >vector behavior. So, while OSPF is a link state protocol within an area, > > >it > > >uses a distance vector algorithm to find inter-area routes." (pg 474,475) > > > > > >Please enlighten me. > > > > > >TIA, > > >Ralph Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16191&t=16120 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE written advice [7:16188]
You might want to consider a subscription to CertificationZone. It has some great papers available and the test questions were great preparation. In fact, they were more difficult than the real exam. My score on the actual exam ended up being 7% higher than my highest CertificationZone test score, so that gives you an idea of how hard they are. They tend to be more in-depth than the real thing, as well. I would also read Internet Routing Architectures a few times. :-) You'll most likely get a handful of BGP questions so make sure you study up on that topic. One thing I did was to go through the exam blueprint and break each topic down into subtopics and then made a checklist (others on the list have posted their checklists, as well). I used that as my study guide and I made sure to get information from at *least* two sources--usually three--for each topic listed. Flavor this soup with info from CCO and you should do just fine. Good luck! John >>> "Patrick Donlon" 8/15/01 8:57:49 AM >>> I'm slowly starting to get back into reading for the R&S written exam after starting a new job and I've made a rough list of what will guide me too and hopefully through the exam. I've started on Doyle's Routing TCP/IP vol 1, next I've got the Token ring white paper from CCprep and OSPF design guide from CCO, planning on getting CCIE R&S Exam cram book and Boson tests 1,2 and maybe 3. Obviously everyone has a different approach to an exam but if there are any major topics I'm missing out on please let me know and also recommendations on the exam preparation book, cheers Pat Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16190&t=16188 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Loopback Interface [7:16174]
In a message dated 8/15/01 8:45:34 AM Central Daylight Time, [EMAIL PROTECTED] writes: << Subj: Loopback Interface [7:16174] Date: 8/15/01 8:45:34 AM Central Daylight Time From: [EMAIL PROTECTED] (khramov) Sender:[EMAIL PROTECTED] Reply-to: [EMAIL PROTECTED] (khramov) To:[EMAIL PROTECTED] A loopback interface is a virtual interface you can configure on any router and has an 'always-up" characteristic as recognized by the router itself. This makes it the most stable route of choice to be advertised by, say, OSPF, which, as a rule advertises the route with the highest physical # , or, if there are loopback interfaces that are configured and can be used, it ALWAYS uses loopback interfaces because of their stability and dependability on carrying the route advertisement. Hth, Rob H. Would you please explain me in simple terms what is loopback interface? One of the techs from our ISP told me to config my router for loopback interface instead of multilink interface so that he would push the config to my router. He also told me that multilink requires high CPU usage. Would you please give me your opinion on this. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16189&t=16174 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCIE written advice [7:16188]
I'm slowly starting to get back into reading for the R&S written exam after starting a new job and I've made a rough list of what will guide me too and hopefully through the exam. I've started on Doyle's Routing TCP/IP vol 1, next I've got the Token ring white paper from CCprep and OSPF design guide from CCO, planning on getting CCIE R&S Exam cram book and Boson tests 1,2 and maybe 3. Obviously everyone has a different approach to an exam but if there are any major topics I'm missing out on please let me know and also recommendations on the exam preparation book, cheers Pat Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16188&t=16188 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Loopback Interface [7:16174]
16.htm#xtocid1566416 >From CCO: You can specify a software-only interface called a loopback interface that emulates an interface that is always up. A loopback interface is a virtual interface that allows BGP and RSRB sessions to stay up even if the outbound interface is down, and is supported on all platforms. You can use the loopback interface as the termination address for BGP sessions, for RSRB connections, or for establishing a Telnet session from the communication server's console to its auxiliary port when all other interfaces are down. In applications where other communication servers will attempt to reach this loopback interface, you should configure a routing protocol to distribute the subnet assigned to the loopback address. Packets routed to the loopback interface are rerouted back to the box and processed locally. IP packets routed out the loopback interface but not destined to the loopback interface are dropped. This means the loopback interface also serves as the Null 0 interface. -- Kevin > Would you please explain me in simple terms what is loopback interface? > One of the techs from our ISP told me to config my router for loopback > interface instead of multilink interface so that he would push the > config to my router. He also told me that multilink requires high CPU > usage. Would you please give me your opinion on this. > Thanks > Nondisclosure violations to [EMAIL PROTECTED] http://www.siliconsamurai.net - This email was sent using SquirrelMail. "Webmail for nuts!" http://squirrelmail.org/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16187&t=16174 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP Design Guide [7:16179]
Try this one. http://www.cisco.com/univercd/cc/td/doc/cisintwk/idg4/nd2003.htm -Original Message- From: Sergio Silva [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 15, 2001 9:00 AM To: [EMAIL PROTECTED] Subject: BGP Design Guide [7:16179] Hi All Is there anyone who can point me to the BGP Design Guide on the Cisco Website, It is the same author as The OSPF Guide. Many Thanks, Sergio Silva Network Engineer Mobile 0833261349 Land0117091658 Fax 0117091141 [EMAIL PROTECTED] ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16186&t=16179 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF Distance Vector in the backbone? [7:16120]
The question that's on my mind is where you have an area which has multiple ABRs. Do the internal routers simply compare the metrics to the respective ABRs and make their routing decision based on that comparison? BJ -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 15, 2001 9:44 AM To: [EMAIL PROTECTED] Subject: Re: OSPF Distance Vector in the backbone? [7:16120] While I agree completely with Peter's statements, I think there may be two issues being mingled. Area 0.0.0.0, especially when there are no backbone-only routers, uses a DV-like algorithm to propagate inter-area and exterior routes. There's no use for a Dijkstra. Inside a nonzero area, the Dijkstra algorithm only computes intra-area routes, with a computational workload on the order of the square of the number of routes plus the logarithm of the number of routers. Inter-area and external routes are added to the routing table of that area as a second step, the workload for which is linear with the number of non-intra-area routes. At 08:55 AM 8/15/2001 -0400, you wrote: >Hey Ralph, > >This statement is quite true. Is there an area you wish to break down more >fully? > >For support, see the draft-ietf-ospf-abr-alt-04.txt which includes the >following text: > >In OSPF domains the area topology is restricted so that there must be >a backbone area (area 0) and all other areas must have either >physical or virtual connections to the backbone. The reason for this >star-like topology is that OSPF inter-area routing uses the >distance-vector approach and a strict area hierarchy permits >avoidance of the "counting to infinity" problem. OSPF prevents >inter-area routing loops by implementing a split-horizon mechanism, >allowing ABRs to inject into the backbone only Summary-LSAs derived >from the intra-area routes, and limiting ABRs' SPF calculation to >consider only Summary-LSAs in the backbone area's link-state >database. > > >*** REPLY SEPARATOR *** > >On 8/15/2001 at 12:12 AM Ralph Fudamak wrote: > > >Question about OSPF and LSA type 3 behavior. Doyle in Routing TCP/IP vol > >1: > > > >"When another router receives a Network Summary LSA from an ABR, it > >does > >not run the SPF algorithm. Rather it simply adds the cost of the route to > >the ABR and the cost included in the LSA. A route to the advertised > >destination, via the ABR, is entered into the route table along with the > >calculated cost. This behavior - depending on an intermediate router > >instead of determining the full route to the destination - is distance > >vector behavior. So, while OSPF is a link state protocol within an area, > >it > >uses a distance vector algorithm to find inter-area routes." (pg 474,475) > > > >Please enlighten me. > > > >TIA, > >Ralph Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16185&t=16120 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco router type that supports BGP and full BGP TABLE [7:16184]
Yes the router will run BGP. No you should not receive full BGP tables with 64MB RAM. I would suggest, at a minimum a Cisco 3600 with 128Mb DRAM. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of suaveguru Sent: Wednesday, August 15, 2001 3:44 AM To: [EMAIL PROTECTED] Subject: cisco router type that supports BGP and full BGP TABLE [7:16143] Hi, Can anyone advise if any 25XX series that can do BGP and can have 64 MB DRAM suaveguru __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16184&t=16184 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
7200 router question [7:16100]
Hi guys, I got a I/O-FE that doesn't get inserted or recognized after booting up. Is there anyway to manually force it to insert once the router is booted? Below is my show diag: slut-hosting#show diag Slot 0: Fast-ethernet on C7200 I/O card with MII or RJ45 Port adapter, 1 port Port adapter is disabled Port adapter insertion time unknown EEPROM contents at hardware discovery: Hardware revision 1.2 Board revision A0 Serial number 10938985 Part number73-2956-02 Test history 0x0 RMA number 00-00-00 EEPROM format version 1 EEPROM contents (hex): 0x20: 01 83 01 02 00 A6 EA 69 49 0B 8C 02 00 00 00 00 0x30: 50 00 00 00 98 10 16 00 00 FF FF FF FF FF FF FF Thanks for any help. -Frank Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16182&t=16100 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 7200 router question [7:16100]
What version of IOS? -Original Message- From: [EMAIL PROTECTED] [mailto:ICPPhila_Email_Re [EMAIL PROTECTED]] Sent: Wednesday, August 15, 2001 8:04 AM To: [EMAIL PROTECTED] Subject: 7200 router question [7:16100] Hi guys, I got a I/O-FE that doesn't get inserted or recognized after booting up. Is there anyway to manually force it to insert once the router is booted? Below is my show diag: slut-hosting#show diag Slot 0: Fast-ethernet on C7200 I/O card with MII or RJ45 Port adapter, 1 port Port adapter is disabled Port adapter insertion time unknown EEPROM contents at hardware discovery: Hardware revision 1.2 Board revision A0 Serial number 10938985 Part number73-2956-02 Test history 0x0 RMA number 00-00-00 EEPROM format version 1 EEPROM contents (hex): 0x20: 01 83 01 02 00 A6 EA 69 49 0B 8C 02 00 00 00 00 0x30: 50 00 00 00 98 10 16 00 00 FF FF FF FF FF FF FF Thanks for any help. -Frank Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16181&t=16100 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ip precedence [7:16170]
At 09:19 AM 8/15/2001 -0400, you wrote: >Does ip precedence field remain intact while traveling through different >autonomous systems or is it set to a default value during the transitions? > The answer is "it depends." Each AS has the right to change it, but few do. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16183&t=16170 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
BGP Design Guide [7:16179]
Hi All Is there anyone who can point me to the BGP Design Guide on the Cisco Website, It is the same author as The OSPF Guide. Many Thanks, Sergio Silva Network Engineer Mobile 0833261349 Land0117091658 Fax 0117091141 [EMAIL PROTECTED] ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16179&t=16179 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP Cisco Networking Acad. questions [7:16180]
Hi! I was wondering if anyone has take the CCNP 2 year course at the Cisco Networking Academy. If so, did you take a CISCO exam after each semester? Were the classes very helpful for the exam, or did you need additional study? Did you find that going to the Academy helped in finding a job? I am starting school next week and was just wondering if it's worth the 2 year investment in time. Thanks Doug Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16180&t=16180 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Default Export Policy? [7:472]
At 02:47 AM 8/15/2001 -0400, you wrote: >In OSPF and ISIS you don't or you cannot use import >policiesinconsistence in LSDB >But this would make sense when you what OSPF/ISIS routes to be exported into >BGP, or import/export on bgp peers. >Juniper isin't for the lay person...That is implied Wil >For what is an active route see Julians Email...thats pretty descriptive. >Cheers You might even want to look at http://www.ietf.org/internet-drafts/draft-ietf-bmwg-conterm-00.txt which is focused at BGP convergence, but cleans up some of the terminology which is ambiguous in RFC 1771, the BGP RFC, the new version of which is entering Draft 13 and may or may not yet be fully stable. >""Wilson, Bradley"" wrote in message >news:[EMAIL PROTECTED]... > > Hey gang - > > > > I'm sitting here reading "Installation and System Management." Page > > 12, under "Routing Policy," says "Specifically, each routing protocol > > exports only the *active* routes that were learned by that protocol. > > [emphasis mine]" > > > > So my question is: what's an "active" route? One which is actually > > installed in the forwarding table? That seems like it would make > > reconvergence take longer, since your downstream neighbors wouldn't know >of > > the alternative routes. Convergence isn't the issue here. The reason not to forward inactive routes is loop prevention. There are experimental schemes that do involve backup routes, particularly in MPLS. They get very complex. >It also seems like it wouldn't apply in the case >of > > OSPF or ISIS. > > > > Any comments? > > > > > > > > Bradley J. Wilson > > CCNP CCDP MCSE NNCSS CNX MCT CTT > > EDS/Boston Scientific Account > > (508) 650-8739 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16178&t=472 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ip precedence [7:16170]
It is untouched unless a provider decides to mess with it which is not completely uncommon. *** REPLY SEPARATOR *** On 8/15/2001 at 9:19 AM [EMAIL PROTECTED] wrote: >Does ip precedence field remain intact while traveling through different >autonomous systems or is it set to a default value during the transitions? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16177&t=16170 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: windows 2k VPN on 1700 Router [7:16104]
Here remote windows clients over the internet gain access to the private w2k LAN. My "sample" uses a 1720, pre-shared key, IPsec/3des, installed the IOS firewall and IDS. Building configuration... Current configuration : 2825 bytes ! version 12.1 no service single-slot-reload-enable service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname sample_1720 ! logging rate-limit console 10 except errors no logging console enable secret 5 xx. enable password 7 ! memory-size iomem 25 clock timezone ET -5 clock summer-time edt recurring ip subnet-zero no ip source-route no ip finger ip tcp synwait-time 5 no ip domain-lookup ! no ip bootp server ip inspect name fw tcp ip inspect name fw udp ip inspect name fw ftp ip inspect name fw tftp ip audit notify log ip audit po max-events 100 ! ! crypto isakmp policy 1 encr 3des hash md5 authentication pre-share crypto isakmp key r0cknr011 address 0.0.0.0 0.0.0.0 crypto isakmp client configuration address-pool local VPN-POOL ! ! crypto ipsec transform-set trans1 esp-3des esp-md5-hmac ! crypto dynamic-map dynmap 10 set transform-set trans1 ! ! crypto map intmap client configuration address initiate crypto map intmap client configuration address respond crypto map intmap 10 ipsec-isakmp dynamic dynmap ! cns event-service server ! ! ! interface FastEthernet0 description Internal LAN w/NAT ip address 192.168.1.1 255.255.255.0 ip nat inside no ip route-cache no ip mroute-cache speed auto full-duplex no cdp enable ! interface Serial0 ip address 199.x.x.x 255.255.255.252 ip access-group 105 in no ip redirects no ip unreachables ip nat outside ip inspect fw out encapsulation ppp no ip route-cache no ip mroute-cache no fair-queue service-module t1 timeslots 1-24 no cdp enable crypto map intmap ! ip local pool VPN-POOL 172.16.1.1 172.16.1.255 ip nat inside source route-map nonat interface Serial0 overload ip kerberos source-interface any ip classless ip route 0.0.0.0 0.0.0.0 64.30.27.197 no ip http server ! access-list 105 deny ip 192.168.1.0 0.0.0.255 any access-list 105 permit tcp any host 199.x.x.x eq telnet access-list 105 permit esp any any access-list 105 permit udp any any eq isakmp access-list 105 permit tcp any 192.168.1.0 0.0.0.255 eq smtp access-list 105 permit tcp any 192.168.1.0 0.0.0.255 eq pop3 access-list 105 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 110 deny ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255 access-list 110 permit ip 192.168.1.0 0.0.0.255 any no cdp advertise-v2 no cdp run route-map nonat permit 10 match ip address 110 ! banner exec ^C You are accessing a private system. You are not authorized to use this system. Please go away !^C banner incoming ^C This is a private system. Unauthorized use or tampering is prohibited. ^C ! line con 0 exec-timeout 0 0 transport input none line aux 0 line vty 0 1 password 7 153258582C237C1B632431024131222752 login line vty 2 4 login ! no scheduler allocate end -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Jones Sent: Tuesday, August 14, 2001 7:59 PM To: [EMAIL PROTECTED] Subject: windows 2k VPN on 1700 Router [7:16104] Can anybody give me a "heads up" on how to config a 1720 router 12.2T to accept a VPN tunnel across the internet from a win 2k box? Thanks, xw _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16176&t=16104 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF Distance Vector in the backbone? [7:16120]
While I agree completely with Peter's statements, I think there may be two issues being mingled. Area 0.0.0.0, especially when there are no backbone-only routers, uses a DV-like algorithm to propagate inter-area and exterior routes. There's no use for a Dijkstra. Inside a nonzero area, the Dijkstra algorithm only computes intra-area routes, with a computational workload on the order of the square of the number of routes plus the logarithm of the number of routers. Inter-area and external routes are added to the routing table of that area as a second step, the workload for which is linear with the number of non-intra-area routes. At 08:55 AM 8/15/2001 -0400, you wrote: >Hey Ralph, > >This statement is quite true. Is there an area you wish to break down more >fully? > >For support, see the draft-ietf-ospf-abr-alt-04.txt which includes the >following text: > >In OSPF domains the area topology is restricted so that there must be >a backbone area (area 0) and all other areas must have either >physical or virtual connections to the backbone. The reason for this >star-like topology is that OSPF inter-area routing uses the >distance-vector approach and a strict area hierarchy permits >avoidance of the "counting to infinity" problem. OSPF prevents >inter-area routing loops by implementing a split-horizon mechanism, >allowing ABRs to inject into the backbone only Summary-LSAs derived >from the intra-area routes, and limiting ABRs' SPF calculation to >consider only Summary-LSAs in the backbone area's link-state >database. > > >*** REPLY SEPARATOR *** > >On 8/15/2001 at 12:12 AM Ralph Fudamak wrote: > > >Question about OSPF and LSA type 3 behavior. Doyle in Routing TCP/IP vol > >1: > > > >"When another router receives a Network Summary LSA from an ABR, it > >does > >not run the SPF algorithm. Rather it simply adds the cost of the route to > >the ABR and the cost included in the LSA. A route to the advertised > >destination, via the ABR, is entered into the route table along with the > >calculated cost. This behavior - depending on an intermediate router > >instead of determining the full route to the destination - is distance > >vector behavior. So, while OSPF is a link state protocol within an area, > >it > >uses a distance vector algorithm to find inter-area routes." (pg 474,475) > > > >Please enlighten me. > > > >TIA, > >Ralph Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16175&t=16120 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Loopback Interface [7:16174]
Would you please explain me in simple terms what is loopback interface? One of the techs from our ISP told me to config my router for loopback interface instead of multilink interface so that he would push the config to my router. He also told me that multilink requires high CPU usage. Would you please give me your opinion on this. Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16174&t=16174 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ARP Thrashing [7:16147]
You might be hitting CSCdj44058, which is aparently a cosmetic bug only. Try upgrading to a higher version of software (12.0 GD releases are very stable). Regards, Dragi Muhammad Shakeel Shamsi wrote: > > I am having an ARP trashing error on a Cisco 2501 router, read > about it on www.cisco.com. Summary is that router has a queue > length of 16 to store ARP's, a new request kicks out old ARP > already in the queue thus causing thrashing of ARP, the > concerned network is crowded with HUBs, Any idea how to solve > this problem. > > Here is what i am getting on the router. > > Traceback= 317B062 317B30E 31A08E6 > 03:55:04: %SCHED-3-THRASHING: Process thrashing on watched > queue 'ARP queue' (count 52). > -Process= "ARP Input", ipl= 6, pid= 6 > -Traceback= 317B062 317B30E 31A08E6 > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16173&t=16147 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN 3000 using certificates [7:16172]
When using Digital certificates for authentication I am facing problems if the vpn3000 internal user database is used for extended authentication. If an internal user is created and if that user does not belong to the VPNC_base_group then the extended authentication fails. i.e. if a new group is created for remote dialup users ( e.g. ipsecgroup) and the internal user (e.g. ipsecuser) is configured to belong to the "ipsecgroup" group. Then the internal user authentication fails (if using digital certificates). If using preshared keys, and if the user is made part of the ipsecgroup then the user does get authenticated. In the "IPSec Parameters" we have a field named "IKE Peer identity validation" for remote dialup users where we can force the concentrator to validate the user based on the attributes in his public certificate. This makes me believe that even if a user is made part of a particular group ( e.g. ipsecgroup) and if that user is using Digital certificates for session authentication the whole thing should still work. Any ideas? . Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16172&t=16172 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 7200 router question [7:16100]
What version of IOS? -Original Message- From: [EMAIL PROTECTED] [mailto:ICPPhila_Email_Re [EMAIL PROTECTED]] Sent: Wednesday, August 15, 2001 8:04 AM To: [EMAIL PROTECTED] Subject: 7200 router question [7:16100] Hi guys, I got a I/O-FE that doesn't get inserted or recognized after booting up. Is there anyway to manually force it to insert once the router is booted? Below is my show diag: slut-hosting#show diag Slot 0: Fast-ethernet on C7200 I/O card with MII or RJ45 Port adapter, 1 port Port adapter is disabled Port adapter insertion time unknown EEPROM contents at hardware discovery: Hardware revision 1.2 Board revision A0 Serial number 10938985 Part number73-2956-02 Test history 0x0 RMA number 00-00-00 EEPROM format version 1 EEPROM contents (hex): 0x20: 01 83 01 02 00 A6 EA 69 49 0B 8C 02 00 00 00 00 0x30: 50 00 00 00 98 10 16 00 00 FF FF FF FF FF FF FF Thanks for any help. -Frank Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16171&t=16100 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ip precedence [7:16170]
Does ip precedence field remain intact while traveling through different autonomous systems or is it set to a default value during the transitions? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16170&t=16170 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Apology for: MCSE in 2 Weeks or CCNA/CCDA in 6 days [7:16169]
Hey I just talked to a buddy that just got back from their last class. He said that the camp was awesome and that it ran for over 16 hours everyday for 16 days. He also said that the instructor was a double CCIE that was knowledgeable, patient, and easy to work with. My buddy described it as more of a CCIE lab type training than a CCNP class, echoing your thought about not just covering the esoteric test facts but providing excellent hands-on labs, covering all the phy stuff including modem to modem connections with a tone generator, ISDN, all flavors of serial, and ATM. Of course all the major protocol stuff (RIP, the GRP's, OSPF, IS-IS, AND OF COURSE BGP) including multiple area and AS labs, mutual redistribution, policy based, extended lists both IP and IPX, traffic shaping, DDR, Dial-Backup and the list went on. Another issue; I'm am under the impression that this list is moderated so if it got through anybody can comment on it. So why don't y'all grow some hair and give the moderators an ear full not Jeremy. Yah That'll happen. - Original Message - From: "Wright, Jeremy" To: Sent: Tuesday, August 14, 2001 12:58 PM Subject: RE: Apology for: MCSE in 2 Weeks or CCNA/CCDA in 6 days [7:16080] > I apologize to everyone on the list for the message about the camp. MY > MISTAKE. Please note that Bellanca has never made a mistake. Thank you. > > > -Original Message- > From: Bellanca Smythe > [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, August 14, 2001 2:32 PM > To: Wright, Jeremy; [EMAIL PROTECTED] > Subject: RE: Apology for: MCSE in 2 Weeks or > CCNA/CCDA in 6 days [7:16076] > > You receive a message that looks like this: > > -Original Message- > From: Ron Rubens [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, August 14, 2001 10:13 AM > To: [EMAIL PROTECTED] > Subject: MCSE in 2 Weeks or CCNA/CCDA in 6 days > > > > ** > Get your MCSE in 2 Weeks or CCNA / CCDA in 6 days for > the lowest price ever. We are blowing out the last seats in > our August and September classes. > CALL NOW! > (800) 330-1446 www.intenseschool.com > ** > > > And you think it's from groupstudy? You must really think > people on this > list are stupid. I think you owe the entire group an apology > for your latest > "directions" for those that commented about you spamming the > list. > > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of > Wright, Jeremy > Sent: Tuesday, August 14, 2001 1:34 PM > To: [EMAIL PROTECTED] > Subject: RE:Apology for: MCSE in 2 Weeks or CCNA/CCDA in 6 > days > [7:16076] > > > I received this message about the bootcamp in my personal > email and thought > it was from the cisco groupstudy list. So I responded with > my comments about > the camp to the list, my mistake. Everyone who responded is > so uptight. > Maybe try having a drink or an enema or somethingit's > just a > message..I'm sorry > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16169&t=16169 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
7200 router question [7:16100]
Hi guys, I got a I/O-FE that doesn't get inserted or recognized after booting up. Is there anyway to manually force it to insert once the router is booted? Below is my show diag: slut-hosting#show diag Slot 0: Fast-ethernet on C7200 I/O card with MII or RJ45 Port adapter, 1 port Port adapter is disabled Port adapter insertion time unknown EEPROM contents at hardware discovery: Hardware revision 1.2 Board revision A0 Serial number 10938985 Part number73-2956-02 Test history 0x0 RMA number 00-00-00 EEPROM format version 1 EEPROM contents (hex): 0x20: 01 83 01 02 00 A6 EA 69 49 0B 8C 02 00 00 00 00 0x30: 50 00 00 00 98 10 16 00 00 FF FF FF FF FF FF FF Thanks for any help. -Frank Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16168&t=16100 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF Distance Vector in the backbone? [7:16120]
Hey Ralph, This statement is quite true. Is there an area you wish to break down more fully? For support, see the draft-ietf-ospf-abr-alt-04.txt which includes the following text: In OSPF domains the area topology is restricted so that there must be a backbone area (area 0) and all other areas must have either physical or virtual connections to the backbone. The reason for this star-like topology is that OSPF inter-area routing uses the distance-vector approach and a strict area hierarchy permits avoidance of the "counting to infinity" problem. OSPF prevents inter-area routing loops by implementing a split-horizon mechanism, allowing ABRs to inject into the backbone only Summary-LSAs derived from the intra-area routes, and limiting ABRs' SPF calculation to consider only Summary-LSAs in the backbone area's link-state database. *** REPLY SEPARATOR *** On 8/15/2001 at 12:12 AM Ralph Fudamak wrote: >Question about OSPF and LSA type 3 behavior. Doyle in Routing TCP/IP vol >1: > >"When another router receives a Network Summary LSA from an ABR, it >does >not run the SPF algorithm. Rather it simply adds the cost of the route to >the ABR and the cost included in the LSA. A route to the advertised >destination, via the ABR, is entered into the route table along with the >calculated cost. This behavior - depending on an intermediate router >instead of determining the full route to the destination - is distance >vector behavior. So, while OSPF is a link state protocol within an area, >it >uses a distance vector algorithm to find inter-area routes." (pg 474,475) > >Please enlighten me. > >TIA, >Ralph Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16167&t=16120 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
7200 router question [7:16100]
Hi guys, I got a I/O-FE that doesn't get inserted or recognized after booting up. Is there anyway to manually force it to insert once the router is booted? Below is my show diag: slut-hosting#show diag Slot 0: Fast-ethernet on C7200 I/O card with MII or RJ45 Port adapter, 1 port Port adapter is disabled Port adapter insertion time unknown EEPROM contents at hardware discovery: Hardware revision 1.2 Board revision A0 Serial number 10938985 Part number73-2956-02 Test history 0x0 RMA number 00-00-00 EEPROM format version 1 EEPROM contents (hex): 0x20: 01 83 01 02 00 A6 EA 69 49 0B 8C 02 00 00 00 00 0x30: 50 00 00 00 98 10 16 00 00 FF FF FF FF FF FF FF Thanks for any help. -Frank Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16164&t=16100 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Frame Relay DLCIs [7:14717]
No you can not use any digits. I don't remember exactly but I think the valid range is 17-1027... Dennis ""suaveguru"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Yes you can use any digits provided they are not > reserved DLCIs > > regards, > suaveguru > --- "Provost, Robert" wrote: > > What numbers can you use for DLCIs? I have always > > seen three digit DLCI > > numbers. Can they be one digit? two? four? five? > > > > Thanks, > > Rob > [EMAIL PROTECTED] > > > __ > Do You Yahoo!? > Make international calls for as low as $.04/minute with Yahoo! Messenger > http://phonecard.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16166&t=14717 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: hello everyone...setup question for Teltone ISDN sim.. [7:16165]
I don't remember what my adtran is set to but I think it's short and 50. I can look when I get home. I also have a teltone. You'll need an ISDN device with a S/T interface to plug into the adtran. Or an ISDN device with a U interface to plug directly into the teltone. I have two routers plugged into mine. You can't plug in a PC NIC. Hope this helps... Dennis wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello everyone. > > I just purchased the Teltone ISDN simulator. I also purchased two Adran ACE > NT-1. The ACE NT-1 came with striaght through rj-45 cables. I took the > cables and connected one end to the Port 1 of the isdn simulator and the > other side of the rj 45 connector to the back of the ACE NT-1 Network "U" > port. I did the exact same thing for the other Port on the ISDN simulator > as > well as the ACE NT-1 > > I would like to know what do I set EACH of ACE NT1 Buses to. I have "Short" > or "Long" for the configuration..and for Termination I see "None", "50", or > "100" > > Currently I have both setup as Short and 50 for termination. The power and > Error lights are fully enabled. The ready light flickers on and off every > second. Both NT1 are doing this. > > Now I would like to know if this setup is correct? If so great...now on to > the good part...how can I get two PC's to talk to each other utilizing these > devices?? Do I connect NIC card in each pc and run a cable from on end into > the NT1s? If anyone knows...please help. > > thank you for reading this rather long e-mail. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16165&t=16165 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IPX Routing [7:15713]
Thanks for the advise, it came up in time am haveing some ipx routing problems. Our company has the same standard set up by the Novell admin. guy. We have a C2621 with two interface fe0/0 and fe0/1, fe0/0 can ipx ping another host, but not fe0/1. ipx routing take the mac of 0/0, is that why? I have tired to used the ipx advertise-default-route-only on the interface, i still can't ping from fe0/1. Initial i was able to get ipx translation when I install the router with a laptop on the fe0/1. Setting up the router in the site(wan) it stop working. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16163&t=15713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: css (arrowpoint products) [7:16153]
The closest command I could find is "show chassis slot ," but that only gives you the base MAC address for the entire box. BJ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 15, 2001 7:29 AM To: [EMAIL PROTECTED] Subject: css (arrowpoint products) [7:16153] hi. i need help about css products. is there a command that shows mac address of any interface on css? thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16162&t=16153 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MOTD on Cat5000/5500 [7:16137]
My guess would first go to what software revision are you running? My second would be to ask that are you accidentally typing your delimiting character? I have tried on 6.1(2) without any problems... However, on 5.3(2) The banner did cut off after a few lines of text. -- Kevin > Kevin, > > thanks for the info. The problem I am having is that, after typing in 5 > or 6 lines, the switch itself ends the MOTD entry and says 'banner > motd set', even without me typing the ending delimiter. Any idea what > could cause that ? > Thanks for your help in advance. > > Regards, > > Hans > > >>From: "Kevin Welch" >>Reply-To: "Kevin Welch" >>To: [EMAIL PROTECTED] >>Subject: Re: MOTD on Cat5000/5500 [7:16137] >>Date: Wed, 15 Aug 2001 06:48:51 -0400 >> >>Usage Guidelines >> >>The banner cannot contain more than 3,070 characters, including tabs. >>Tabs display as eight characters but take only one character of memory. >> >>That is from : >>http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_5/cmd_re f/ >>ses_sete.htm#xtocid85598 >> >>It would appear that this may vary depending on software image loaded >>on the device. Hope that helps.. >> >>-- Kevin >> >> > Hello colleagues, >> > >> > I have a question regarding the Message of the Day banner on >> > Cat5000/5500 switches. It looks like I am limited to 255 >> > characters; do you know if this can be changed so that I can put in >> > a banner that exceeds 255 ? >> > Thanks for your help in advance. >> > >> > Regards, >> > >> > Hans >> > >> > >> > _ >> > Get your FREE download of MSN Explorer at >> > http://explorer.msn.com/intl.asp >> > Nondisclosure violations to [EMAIL PROTECTED] >> >> >> >>http://www.siliconsamurai.net >> >>- >>This email was sent using SquirrelMail. >>"Webmail for nuts!" >>http://squirrelmail.org/ > _ > Get your FREE download of MSN Explorer at > http://explorer.msn.com/intl.asp http://www.siliconsamurai.net - This email was sent using SquirrelMail. "Webmail for nuts!" http://squirrelmail.org/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16161&t=16137 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Strange Behavior on my IOS ! ! ! [7:16144]
You tried telneting to the router on the open ports from another router to see what the response is? Open? Refused? Timed Out? -Original Message- From: Hamid [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 15, 2001 11:54 AM To: [EMAIL PROTECTED] Subject: Re: Strange Behavior on my IOS ! ! ! [7:16144] I have checked these settings, PINGs, Trace Routes results are fine. Everything seems to work fine and the DNS is resolving, As I mentioned before they can browse the Internet without any problems. Hamid ""Kevin Welch"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Without knowing more its hard to say... personally I would blame this > issue on user error or possibly a DNS problem by the limited information > available. Have you been able to duplicate the problem yourself? Run > pings, traceroutes, check name resolution, etc... Start with the > troubleshooting basics and see where that leads you. > > -- Kevin > > > Hi group > > > > I have recently upgraded the IOS on my C3660 router to a IOS 12.2.3 > > ENTERPRISE/FW/IDS PLUS IPSEC 56. The previous version was 12.0.7 XK. > > > > No configurations have been changed. The router has 4 NM-16AM modules > > which currently acts as an Access Server. > > > > The problem is none of my clients can login using their MSN Messenger > > or Yahoo Messenger, they can't chech their E-mails with programs like > > Outlook either. > > > > I have checked the configs, there are no access lists applied to the > > Async interfaces. I still can login to my Messengers in the LAN. > > > > I have returned the previous IOS and everything worked fine ! ! ! > > > > Any idea what the problem is? > > > > Thanx in advance > > > > Hamid > > Nondisclosure violations to [EMAIL PROTECTED] > > > > understand, v.: > To reach a point, in your investigation of some subject, at which > you cease to examine what is really present, and operate on the basis of > your own internal model instead. > > - > This email was sent using SquirrelMail. >"Webmail for nuts!" > http://squirrelmail.org/ ** The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. This message and any attachments have been scanned for viruses. Orbiscom Ltd. will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. www.Orbiscom.com ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16160&t=16144 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CODE RED protection ! ! ! [7:15989]
Hamid- As great as the desire is to just block access to a port, or oversee all traffic, sometimes it's just not reasonable to do so. I'm assuming that you are with an ISP from your reference to customers. Since you really can't just block 80, as has been suggested, might I suggest a different approach. Use of a competent Intrusion Detection System will easily show you the IP addresses of infected systems. If you take any addresses that are sending out attacks that belong to your customers and then inform the customer that they are infected, you could at least let them know that they need to fix the problem. If they don't you have the option of turning off their connection, but that is entirely up to you and what you can do as a business. As far as Intrusion Detection Systems, you don't need to spend a lot of money to set one up. There are some great linux/windows based systems out there that are freeware. Andras -Original Message- From: Hamid [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 15, 2001 2:37 AM To: [EMAIL PROTECTED] Subject: Re: CODE RED protection ! ! ! [7:15989] Hi The problem is that I do have web servers on my network, blocking port 80 would stop these web servers . Hamid wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > my company just got hit by code red last week. the only logical thing to > deploy on your routers is to block all access to port 80 in and out of all > the interfaces by ACL. > > Unless you have the luxury of running IOS 12.1 and above on all your > routers, you will not be able to use NBAR. Deployed the ACLs onto all > interfaces to control all port 80 traffic. > > Use "ip route-cache flow" and "show ip cache flow" on your interfaces to > detect the IP addresses that are propagating http traffic to port 80. You > will have to look out for port 0050 under destination port when you perform > a "show ip cache flow". > > Cheers. > > - Original Message - > From: "Dennis Bailey" > To: [EMAIL PROTECTED] > Sent: Tue, 14 Aug 2001 15:34:19 -0400 > Subject: Re: CODE RED protection ! ! ! [7:15989] > Depending upon the router platform you can use NBAR. > > I am just really depressed right now because there are costumers getting > involved in our business. I knew I wasn't the only one who liked to get > dressed up but now think of the pressure that there will be with > professionals out there.. > > > ""Hamid"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi group > > > > I have some costumers whom I belive are infected with CODE RED. Any ideas > > how I can deny any traffic related to CODE RED on my router? > > > > Thanks > > > > Hamid > -- > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > Check any e-mail over the Web for free at MailBreeze > (http://www.mailbreeze.com) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16159&t=15989 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco 7206VXR [7:16054]
It's not that "I'm" trying to connect two switches in half duplex mode. I've been examining a new network responsibility and it involves this connection. We have a separate group in this company that configures the switches. In order for me to have them change the configuration I need to have the information I'm looking for, namely, are Ethernet interfaces on a 7206VXR router by default half-duplex or full-duplex. The command full, or half-duplex does not appear to apply to this router. On a Fast Ethernet interface a show interface command will tell you the duplex setting, but not so with the Ethernet interface. -- James Haynes Network Architect Cendant IT A+,MCSE,CCNA,CCDA,CCNP,CCDP, CQS-SNA/IPSS ""Brian"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > The question is, why on earth would you want to connect 2 switches in half > duplex mode, so much performance is being given up.. > > Brian "Sonic" Whalen > Success = Preparation + Opportunity > > > On Tue, 14 Aug 2001, Moe Tavakoli wrote: > > > The command is "full-duplex" > > > > Also, you'll need to set your 3548 to 100/full not 10/half. > > > > That should fix your problem. > > > > Moe. > > > > > > -Original Message- > > From: James Haynes > > To: [EMAIL PROTECTED] > > Sent: 8/14/2001 10:16 AM > > Subject: Cisco 7206VXR [7:16054] > > > > I've got a Cisco 7206VXR running IOS Version 12.0(10)S. It has a couple > > of > > Ethernet interfaces connected to a Cisco 3548XL switch. I've seen alot > > of > > collisions on the interfaces of the router and alot of collisions and > > runts > > on the ports of the switch they are connected to. The first thing I > > thought > > of was duplex or speed mismatch. I checked the switches settings and > > both > > ports are set to 10Mbs/half-duplex as they should be. I've been trying > > to > > check the duplex setting on the router interfaces and I can't find a > > command > > that allows me to see that. I've tried using the duplex command in the > > interface configuration mode, but that is not understood. Am I correct > > in > > thinking the duplex setting is set to half by default? > > > > -- > > James Haynes > > Network Architect > > Cendant IT > > A+,MCSE,CCNA,CCDA,CCNP,CCDP, > > CQS-SNA/IPSS Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16157&t=16054 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: tools for detecting DOS attack other than ip accounting [7:16156]
Well, I would recommend using an IDS and a span port on a switch. Snort (http://www.snort.org) is an opensource Intrusion detection system that ties into tools like syslog and swatch and can accurately report Intrusion and Denial of Service attempts allowing you then decide how to respond. These tools would generally rely on a unix system attached to a switch span port on the lan side of your router. -- Kevin > hi all > > anyone knows if there are any tools to detect DOS > attack on network other than turning on ip accounting > at the routers because ip accounting utilises very > much CPU resources on the router > > any inputs will be greatly appreciated > > regards > > suaveguru > > __ > Do You Yahoo!? > Make international calls for as low as $.04/minute with Yahoo! > Messenger http://phonecard.yahoo.com/ > Nondisclosure violations to [EMAIL PROTECTED] http://www.siliconsamurai.net - This email was sent using SquirrelMail. "Webmail for nuts!" http://squirrelmail.org/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16156&t=16156 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MOTD on Cat5000/5500 [7:16137]
Kevin, thanks for the info. The problem I am having is that, after typing in 5 or 6 lines, the switch itself ends the MOTD entry and says 'banner motd set', even without me typing the ending delimiter. Any idea what could cause that ? Thanks for your help in advance. Regards, Hans >From: "Kevin Welch" >Reply-To: "Kevin Welch" >To: [EMAIL PROTECTED] >Subject: Re: MOTD on Cat5000/5500 [7:16137] >Date: Wed, 15 Aug 2001 06:48:51 -0400 > >Usage Guidelines > >The banner cannot contain more than 3,070 characters, including tabs. Tabs >display as eight characters but take only one character of memory. > >That is from : >http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_5/cmd_ref/ >ses_sete.htm#xtocid85598 > >It would appear that this may vary depending on software image loaded on >the device. Hope that helps.. > >-- Kevin > > > Hello colleagues, > > > > I have a question regarding the Message of the Day banner on > > Cat5000/5500 switches. It looks like I am limited to 255 characters; > > do you know if this can be changed so that I can put in a banner that > > exceeds 255 ? > > Thanks for your help in advance. > > > > Regards, > > > > Hans > > > > > > _ > > Get your FREE download of MSN Explorer at > > http://explorer.msn.com/intl.asp > > Nondisclosure violations to [EMAIL PROTECTED] > > > >http://www.siliconsamurai.net > >- >This email was sent using SquirrelMail. >"Webmail for nuts!" >http://squirrelmail.org/ _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=16158&t=16137 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]